Snyk is a cloud-native, developer-oriented tool designed to scan and monitor your projects for security vulnerabilities. It covers multiple areas of application security including open source security management, code vulnerabilities, container vulnerability management, and infrastructure as code security. Whether you work with Java, .NET, JavaScript, Python, Golang, PHP, C/C++, Ruby, Scala or other languages, Snyk has got you covered. Besides supporting various languages, Snyk CLI also extends its support to Docker scanning and Infrastructure as Code files scanning. It gives you the power to find and automatically fix open source vulnerabilities, find and fix vulnerabilities in your real-time application code, handle vulnerabilities in container images and Kubernetes applications, and identify and fix insecure configurations in Terraform and Kubernetes code.
To use Snyk, the first step is to install the Snyk CLI. The CLI offers the functionality of Snyk in your development workflow and it can be run locally or in your CI/CD pipeline. You can install it through multiple channels like npm or Yarn, standalone executables, Homebrew, Scoop, or Docker. After installing Snyk CLI, you need to connect it with Snyk.io APIs by running the command snyk auth. Depending on your project's language, you might need to set up your language environment using the Language Support documentation. Snyk CLI can scan your project by running snyk test in a folder with a supported project. It can also monitor your project periodically and alert you for new vulnerabilities through the snyk monitor command. Using Snyk in your CI/CD by adding integrations makes it even more powerful as it continuously scans and monitors your projects for vulnerabilities.
The Snyk docs can be accessed from the comprehensive Snyk CLI help which can be viewed by running snyk --help. Further support and answers for specific questions can be obtained from the Language Support documentation or by contacting Snyk's support. For deeper insights on how Snyk CLI is implemented, you can check out the design decisions. You can also dive into other projects and tools covered in this repository like @snyk/fix and @snyk/protect. For any security issues or concerns, please see SECURITY.md file in this repository. When you use Snyk's API, whether through the 'snyk' npm package or otherwise, you are subjected to their Terms & Conditions.
