diff --git a/help/cli-commands/code-test.md b/help/cli-commands/code-test.md index 47e0d1b4c6..1308fc1095 100644 --- a/help/cli-commands/code-test.md +++ b/help/cli-commands/code-test.md @@ -8,9 +8,9 @@ The `snyk code test` command tests for any known security issues using Static Code Analysis. -For more information see [Using Snyk Code via the CLI](../../scan-applications/snyk-code/using-snyk-code-from-the-cli/). +For more information see [Using Snyk Code via the CLI](../../scan-application-code/snyk-code/using-snyk-code-from-the-cli/). -For instructions on ignoring issues with `snyk code test` see [Excluding directories and files from the Snyk Code CLI test](../../scan-applications/snyk-code/using-snyk-code-from-the-cli/excluding-directories-and-files-from-the-snyk-code-cli-test.md). +For instructions on ignoring issues with `snyk code test` see [Excluding directories and files from the Snyk Code CLI test](../../scan-application-code/snyk-code/cli-for-snyk-code/excluding-directories-and-files-from-the-snyk-code-cli-test.md). ## Exit codes diff --git a/help/cli-commands/iac-test.md b/help/cli-commands/iac-test.md index 638d9aee4c..ead2279ed4 100644 --- a/help/cli-commands/iac-test.md +++ b/help/cli-commands/iac-test.md @@ -194,7 +194,7 @@ Note: This option supersedes`--remote-repo-url`, if both options are used togeth This can be used in combination with the `--report` option. -Specify a reference which differentiates this project, for example, a branch name or version. Projects having the same reference can be grouped based on that reference. +Specify a reference that differentiates this project, for example, a branch name or version. Projects having the same reference can be grouped based on that reference. Example, setting to the current Git branch: diff --git a/help/cli-commands/monitor.md b/help/cli-commands/monitor.md index aa8bbf128e..e2977628b8 100644 --- a/help/cli-commands/monitor.md +++ b/help/cli-commands/monitor.md @@ -141,8 +141,6 @@ For C++ only, scan all files for known open source dependencies. For options you can use with `--unmanaged` see [Options for scanning using `--unmanaged`](https://docs.snyk.io/snyk-cli/commands/monitor#options-for-scanning-using-unmanaged) -For more information see [Snyk for C/C++](https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support/snyk-for-c-c++) - ### `--ignore-policy` Ignore all set policies, the current policy in the `.snyk` file, org level ignores, and the project policy on snyk.io. @@ -159,9 +157,9 @@ Example: `$ snyk monitor --project-name=my-project` ### `--target-reference=` -Specify a reference which differentiates this project, for example, a branch name or version. Projects having the same reference can be grouped based on that reference. Supported for Snyk Open Source and use with `--unmanaged`. +Specify a reference that differentiates this project, for example, a branch name or version. Projects having the same reference can be grouped based on that reference. Supported for Snyk Open Source and use with `--unmanaged`. -For more information see [Separating projects by branch or version](https://docs.snyk.io/snyk-cli/secure-your-projects-in-the-long-term/grouping-projects-by-branch-or-version) +For more information see [Group projects by branch or version](https://docs.snyk.io/snyk-cli/secure-your-projects-in-the-long-term/grouping-projects-by-branch-or-version) ### `--policy-path=` @@ -213,8 +211,6 @@ This is an alias for `--project-tags` ## Options for Maven projects -For more information about Maven CLI options see [Snyk for Java and Kotlin](https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support/snyk-for-java-gradle-maven) - **Note**: The `--dev` option can be used with Maven projects. See also the [`--dev` option help](https://docs.snyk.io/snyk-cli/commands/monitor#dev) ### `--maven-aggregate-project` @@ -247,8 +243,6 @@ Auto-detect Maven, JAR, WAR, and AAR files recursively from the current folder.& ## Options for Gradle projects -For more information about Gradle CLI options see [Snyk for Java and Kotlin](https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support/snyk-for-java-gradle-maven) - ### `--sub-project=`, `--gradle-sub-project=` For Gradle "multi project" configurations, monitor a specific sub-project. @@ -405,8 +399,6 @@ Use this option to see what files contributed to each dependency identified. To see how confident Snyk is about the identified dependency and its version, use the `--print-deps` or `--print-dep-paths` option. -For more information on uses of CLI options for C/C++ projects see [Snyk for C / C++](https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support/snyk-for-c-c++) - ## Options for build tools ### `-- []` diff --git a/help/cli-commands/sbom.md b/help/cli-commands/sbom.md index 6f0373b6bd..169aefd1b0 100644 --- a/help/cli-commands/sbom.md +++ b/help/cli-commands/sbom.md @@ -10,7 +10,7 @@ The `snyk sbom` feature requires an internet connection. ## Usage -`$ snyk sbom --format= [--file=] [--unmanaged] [--org=] [--dev] [--all-projects] [--name=] [--version=] [--exclude=[,...]] [--detection-depth=] [--prune-repeated-subdependencies|-p] [--json-file-output=] []` +`$ snyk sbom --format= [--file=] [--unmanaged] [--org=] [--dev] [--all-projects] [--name=] [--version=] [--exclude=[,...]] [--detection-depth=] [--prune-repeated-subdependencies|-p] [--maven-aggregate-project] [--scan-unmanaged] [--scan-all-unmanaged] [--sub-project=] [--gradle-sub-project=] [--all-sub-projects] [--configuration-matching=] [--configuration-attributes=[,]] [--init-script=] [--json-file-output=] []` ## Description @@ -126,6 +126,64 @@ Optional. Instruct the CLI to autodetect a package manager manifest file to use Optional. Save the SBOM output as a JSON data structure directly to the specified file. This requires the SBOM `--format` to include `+json`. +## Options for Maven projects + +### `--maven-aggregate-project` + +Use `--maven-aggregate-project` instead of `--all-projects` when scanning Maven aggregate projects, that is, ones that use modules and inheritance. + +When scanning these types of projects, Snyk performs a compile to ensure all modules are resolvable by the Maven reactor. + +Be sure to run the scan in the same directory as the root pom.xml file. + +### `--scan-unmanaged` + +To scan individual JAR, WAR, or AAR files, use the following: + +`--scan-unmanaged --file=` + +### `--scan-all-unmanaged` + +Auto-detect Maven, JAR, WAR, and AAR files recursively from the current folder. + +**Note**: Custom-built JAR files, even with open-source dependencies, are not supported. + +## Options for Gradle projects + +### `--sub-project=`, `--gradle-sub-project=` + +For Gradle "multi project" configurations, scan a specific sub-project. + +### `--all-sub-projects` + +For "multi project" configurations, scan all sub-projects. + +### `--all-projects` + +See also the `--all-projects` option information in the Options section of this help. + +Use for monorepos. This detects all supported manifests. + +For Gradle monorepos Snyk looks only for root level `build.gradle` and `build.gradle.kts` files and applies the same logic as `--all-sub-projects` behind the scenes. + +This option is designed to be run in the root of your monorepo. + +### `--configuration-matching=` + +Resolve dependencies using only configuration(s) that match the specified Java regular expression. + +Example: `^releaseRuntimeClasspath$` + +### `--configuration-attributes=[,]...` + +Select certain values of configuration attributes to install and resolve dependencies. + +Example: `buildtype:release,usage:java-runtime` + +### `--init-script=` + +Use for projects that contain a Gradle initialization script. + ## Examples for the snyk sbom command ### Create a CycloneDX JSON document for a local software project diff --git a/help/cli-commands/test.md b/help/cli-commands/test.md index b58b05931c..58c77b9bc3 100644 --- a/help/cli-commands/test.md +++ b/help/cli-commands/test.md @@ -138,8 +138,6 @@ For C++ only, scan all files for known open source dependencies. For options you can use with `--unmanaged` see [Options for scanning using `--unmanaged`](https://docs.snyk.io/snyk-cli/commands/test#options-for-scanning-using-unmanaged) -For more information see [Snyk for C/C++](https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support/snyk-for-c-c++) - ### `--ignore-policy` Ignore all set policies, the current policy in the `.snyk` file, org level ignores, and the project policy on snyk.io. @@ -162,9 +160,9 @@ Specify a custom Snyk project name. ### `--target-reference=` -Specify a reference which differentiates this project, for example, a branch name or version. Projects having the same reference can be grouped based on that reference. Supported for Snyk Open Source except for use with `--unmanaged`. +Specify a reference that differentiates this project, for example, a branch name or version. Projects having the same reference can be grouped based on that reference. Supported for Snyk Open Source except for use with `--unmanaged`. -For more information see [Separating projects by branch or version](https://docs.snyk.io/snyk-cli/secure-your-projects-in-the-long-term/grouping-projects-by-branch-or-version) +For more information see [Group projects by branch or version](https://docs.snyk.io/snyk-cli/secure-your-projects-in-the-long-term/grouping-projects-by-branch-or-version) You can use `--target-reference=` when running tests to apply the same ignores and policies as for a monitored target. @@ -220,8 +218,6 @@ To fail on any vulnerability (the default behavior), do not use the `--fail-on` ## Options for Maven projects -For more information see [CLI help for Maven Projects: Aggregate projects](https://docs.snyk.io/scan-application-code/snyk-open-source/language-and-package-manager-support/snyk-for-java-gradle-maven#cli-help-for-maven-projects-aggregate-projects) - **Note**: The `--dev` option can be used with Maven projects. See also the [`--dev` option help](https://docs.snyk.io/snyk-cli/commands/test#dev) ### `--maven-aggregate-project` @@ -252,8 +248,6 @@ Auto-detect Maven, JAR, WAR, and AAR files recursively from the current folder.& **Note:** If you see the invalid string length error, refer to [Invalid string length error when scanning projects](https://docs.snyk.io/snyk-cli/test-for-vulnerabilities/invalid-string-length-error-when-scanning-projects) -For more information see [CLI help for Gradle projects](https://docs.snyk.io/scan-application-code/snyk-open-source/language-and-package-manager-support/snyk-for-java-gradle-maven#cli-help-for-gradle-projects) - ### `--sub-project=`, `--gradle-sub-project=` For Gradle "multi project" configurations, test a specific sub-project. @@ -296,7 +290,7 @@ When you are monitoring a .NET project using NuGet `PackageReference` uses the p ### `--file=.sln` -Test all .NET projects included in the given `.sln` file. Projects referred to must have supported manifests. See [Snyk for .NET](https://docs.snyk.io/scan-application-code/snyk-open-source/snyk-open-source-supported-languages-and-package-managers/snyk-for-.net#snyk-cli-for-.net-projects) +Test all .NET projects included in the given `.sln` file. Projects referred to must have supported manifests. Example: `snyk test --file=myApp.sln` @@ -454,8 +448,6 @@ Use this option to see what files contributed to each dependency identified. To see how confident Snyk is about the identified dependency and its version, use the `--print-deps` or `--print-dep-paths` option. -For more information on uses of CLI options for C/C++ projects see [Snyk for C / C++](https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support/snyk-for-c-c++) - ## Options for build tools ### `-- []` @@ -472,8 +464,6 @@ Example: Use `snyk test --org=myorg -- -s settings.xml` NOT `snyk test --org=myorg -- "-s settings.xml"` -See also [Examples of how you can use Maven arguments with the Snyk CLI](https://docs.snyk.io/scan-application-code/snyk-open-source/language-and-package-manager-support/snyk-for-java-gradle-maven#examples-of-how-you-can-use-maven-arguments-with-the-snyk-cli) - ## Examples for the snyk test command Test a project in the current folder for known vulnerabilities: