Bright Security’s Enterprise Grade Dev-Centric DAST Integrates with

Microsoft Defender for Cloud →
Product overview

See how dev-centric DAST for the enterprise secures your business.

Web attacks

Continuous security testing for web applications at high-scale.

API attacks

Safeguard your APIs no matter how often you deploy.

Business logic attacks

Future-proof your security testing with green-flow exploitation testing.

LLM attacks

Next-gen security testing for LLM & Gen AI powered applications and add-ons.

Interfaces & extensions

Security testing throughout the SDLC - in your team’s native stack.


Connecting your security stack & resolution processes seamlessly.


Getting started with Bright and implementing it in your enterprise stack.

Book a demo

We’ll show you how Bright’s DAST can secure your security posture.


Check out or insights & deep dives into the world of security testing.

Webinars & events

Upcoming & on-demand events and webinars from security experts.


Getting started with Bright and implementing it in your enterprise stack.

Case studies

Dive into DAST success stories from Bright customers.


Download whitepapers & research on hot topics in the security field.

About us

Who we are, where we came from, and our Bright vision for the future.


Bright news hot off the press.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

We're hiring

Want to join the Bright team? See our open possitions.

Bug bounty

Found a security issue or vulnerability we should hear about? Let us know!

Contact us

Need some help getting started? Looking to collaborate? Talk to us.

Resources > Blog >
Snyk CLI Quick Guide: Installation and Common Commands

Snyk CLI Quick Guide: Installation and Common Commands

Oliver Moradov

What Is Snyk CLI?

Snyk is a popular security testing platform for developers. The Snyk Command Line Interface (CLI) lets you introduce Snyk functionality into your software development workflow, to scan for security problems as part of ongoing development. You can run Snyk CLI on a local machine or as part of a continuous integration/deployment (CI/CD) pipeline. 

The Snyk CLI lets you manually identify and fix dependency vulnerabilities in proprietary code; open source components and their dependencies; and infrastructure as code (IaC) templates. Snyk CLI supports a wide range of frameworks and languages, including .NET, Java, JavaScript, C/C++, Ruby, Python, PHP, Scala, and Golang.  

This is part of a series of articles about Web Application Security.

In this article:

Getting Started with the Snyk CLI

Follow these steps to start working with the CLI.

1. Install 

First, you need to install the Snyk Command Line Interface (CLI)—you can do this manually using an installer from the Snyk GitHub repository or via Scoop, npm, or Homebrew. Once installed, you can verify the CLI works using:


2. Authenticate

Authenticate your account via the browser or an application program interface (API) token to link your Snyk account to the CLI. 

3. Authorize

Snyk CLI requires APIs. Link the Snyk CLI to using:

snyk auth

4. Scan

Next, scan your project using one of the following options:

  • If your folder has a supported project, you can run:

snyk test

  • Alternatively, scan a Docker image using Snyk Container:

snyk container test ubuntu:18.04

  • You can also scan a Kubernetes file:

snyk iac test /path/to/kubernetes_file.yaml

5. Build a Project

Now you can start building your project. You need to build a project to test for vulnerabilities unless it has a lock file such as package-lock.json, yarn.lock, gemfile.lock, or paket.lock. For Gradle projects, you don’t need to provide a full build if your project already has an external Gradle file with declared versions of dependencies—you only need the build.gradle file and any other files declaring dependencies.

You build or install a project using:

  • npm install
  • mvn install
  • gradle build
  • dotnet restore
  • dep ensure

Common Snyk CLI Commands

Here are the most common Snyk CLI commands, what they do and how to use them. You run all CLI commands from the folder of the project you want to test. 

Note that all commands have an extensive set of flags and options—these are beyond the scope of the current article. Refer to the CLI documentation for more details, and to read about additional CLI commands we could not cover here.

Related content: Read our guide to Snyk alternatives

Snyk Test

Basic command: snyk test

What it does
Tests a local project for vulnerabilities, providing the following information:

  • Issues to fix by upgrading — you can fix one or more vulnerabilities by updating the project.
  • Patchable issue — Snyk provides a patch you can use to remediate the vulnerability.
  • Issues with no direct upgrade or patch — an issue in the main project or a transitive library that does not have a known fix. In some cases you can replace a transitive library with a newer version that fixes the vulnerability.

How to use it
There are a few ways to use the snyk test command:

  • Run in a local project to identify vulnerabilities. Ensure you first download your full dependency tree using commands like npm install or mvn install.
  • Run within your CI pipeline, and break the build when a vulnerability is found.
  • Run in a script—if the exit code is 0, this means no vulnerabilities were found.

Related content: Read our guide to application security testing

Snyk Monitor

Syntax example: snyk monitor

What it does
Takes a snapshot of a project’s vulnerabilities and uploads it to Snyk’s cloud platform. The command then monitors the project over time, and you can receive alerts when new vulnerabilities are discovered. This command uses snyk test under the hood.

How to use it
First run snyk test to identify vulnerabilities found in your project right now. Snyk recommends first remediating those vulnerabilities you can, and then before going to production, running snyk monitor. This way you can reach an acceptable level of vulnerabilities in the project and be alerted if new vulnerabilities are found.

Note that the results of snyk monitor are stored in the Snyk platform depending on the organization you are a part of. If you belong to several organizations, use the --org flag to indicate which organization this monitor belongs to.

Related content: Read our guide to security testing tools.

Snyk Ignore

Syntax: snyk ignore --id=<VULNERABILITY_ID> [--expiry=] [--reason=] []

What it does
It is common to have a vulnerability in an application which cannot be easily remediated, but which does not represent an immediate risk. In this case, you can use the snyk ignore command, telling Snyk to ignore this vulnerability for a certain period of time.

How to use it
First run snyk test and copy the vulnerability ID. You can then run snyk ignore, providing the vulnerability ID using the –id flag. 

Additional, optional flags are –expiry, which specify on what date Snyk should resume reporting the vulnerability, and –reason, which is a text field explaining why you are ignoring the vulnerability.

For example:

$ snyk ignore --id=npm:tough-cookie:20160722 --expiry=2020-12-20 --reason=’Package not used in runtime’

Snyk Container

Syntax: snyk container test <image>:<tag>

What it does
Scans container images, distroless images, and container archives for vulnerabilities. You can also monitor images on an ongoing basis, similar to the snyk monitor command.

How to use it

  • You can scan a Docker image you downloaded from a repository by running snyk container test <image>:<tag>
  • You can scan a distroless image like this: snyk container test | head
  • You can scan a container archive like this: snyk container test docker-archive:container.tar
  • If you add a Dockerfile to any of these commands, Snyk provides remediation advice on the base image, and suggests alternative base images from Snyk if available.

Snyk Infrastructure As Code

Syntax: snyk iac test <PATH_TO_CONFIG>

What it does
Lets you identify and fix misconfigurations in infrastructure as code (IaC) systems like Terraform or Kubernetes. You can run scans from your local machine or as part of a continuous integration (CI) process.

How to use it
To scan a Kubernetes or Terraform template file, use commands like these:

$ snyk iac test /path/to/Kubernetes.yaml

$ snyk iac test /path/to/

Snyk Auth

Syntax: snyk auth [<API_TOKEN>] []

What it does
Lets you authenticate Snyk CLI using your Snyk account. 

How to use it
The <API_TOKEN> input is necessary for CI environments to validate the Snyk API command. If you run $ snyk auth without <API_TOKEN>, a browser window opens, prompting you to log in and authorize using a Snyk..

Snyk Protect

Syntax: snyk protect []

What it does
Lets you apply patches to vulnerable dependencies.

How to use it 
You can use $ snyk protect after you open a fix pull request from the GitHub website or if you run the Snyk wizard on the CLI. This command reads .snyk policy files to determine the patches it applies.

Snyk Wizard

Syntax: snyk wizard []

What it does
Provides various functions to help you detect, keep track of, and fix vulnerabilities.

How to use it
Use the wizard as a guide for fixing discovered vulnerabilities. The Snyk wizard can enumerate local dependencies and query the Snyk servers to find vulnerabilities. You can use it to create .snyk policy files that determine Snyk commands like test and protect. The wizard can also retain a record of your dependencies and notify you of new vulnerabilities.

Complement Snyk with a Developer-First DAST

To ensure your apps and API are secure before hitting production, use SCA like Snyk’s, and Bright’s automated DAST in conjunction.

Snyk’s SCA will allow you to detect your open-source vulnerabilities that may underpin your applications, while Bright’s innovative DAST lets you seamlessly detect security vulnerabilities across your applications and APIs. As Bright automatically validates results, they are NO false-positives, with developer-friendly remediation guidelines provided for each finding.

By leveraging both Snyk and Bright, you are covering all your bases, to find a broader range of vulnerabilities faster and earlier.

The question is not if you should be using SCA or DAST, but how and when you can start to use them together across the pipelines.

Sign-up for a free Bright account.


Domain Hijacking: How It Works and 6 Ways to Prevent It

What Is Domain Hijacking?  Domain hijacking refers to the unauthorized acquisition of a domain name by a third party, effectively taking control away from the rightful owner. This form of cyber attack can lead to significant disruptions, including loss of website functionality, email services, and potentially damaging the brand’s reputation.  Domain hijackers often exploit security

Mastering Vulnerability Management: A Comprehensive Guide

Modern day organizations face a constant barrage of cyber threats, making it imperative to implement robust vulnerability management processes. Vulnerability management is a systematic approach to identifying, evaluating, treating, and reporting on security vulnerabilities in systems and their associated software. In this blog post, we’ll delve into the four crucial steps of vulnerability management process

Vulnerability Scanners: 4 Key Features, Types, and How to Choose

A vulnerability scanner is a specialized software tool designed to assess the security of computers, networks, or applications by automatically detecting and analyzing weaknesses. These scanners proactively search for security vulnerabilities, such as unpatched software, misconfigurations, and other security gaps that could be exploited by attackers. Some scanners can simulate the actions of an attacker to help identify exploitable vulnerabilities.

Get our newsletter