Known to work with Dagger v0.11.2
Check code, infrastructure-as-code and containers using Snyk from your Dagger pipelines.

Environment Variable | Required | Default | Description | Command |
---|---|---|---|---|
SNYK_TOKEN | Yes | -- | Your Snyk API token. You can get this from your Snyk Account page. | export SNYK_TOKEN=<your-snyk-token> |
SNYK_SEVERITY_THRESHOLD | No | Low | The severity threshold to filter by. (low, medium, high, critical) | export SNYK_SEVERITY_THRESHOLD=<your-threshold> |

Flag | Required | Description | Command | Available On |
---|---|---|---|---|
--org | No | Your Snyk organization ID. You can get this from your Snyk Account page. | --org myorg | All |
--image | Yes | The container image to test. | --image alpine | ContainersTest |
--src | Yes | The source folder to test. | --src ../project | Test, CodeTest, IacTest |
--policy-path | No | The path pointing to .snyk policy definitions | --policy-path ../project/.snyk | All |

Check the code in the current directory for vulnerabilities:

```sh
dagger call -m github.com/rropen/dagger-snyk snyk-test --src . --org myorg --token env:SNYK_TOKEN
```

Call the Snyk SAST tool:

```sh
dagger call -m github.com/rropen/dagger-snyk snyk-code-test --src . --org myorg --token env:SNYK_TOKEN
```

Check the infrastructure-as-code (e.g. Terraform) in the current directory for issues:

```sh
dagger call -m github.com/rropen/dagger-snyk snyk-iac-test --src . --org myorg --token env:SNYK_TOKEN
```

Check the given container image for vulnerabilities:

```sh
dagger call -m github.com/rropen/dagger-snyk snyk-container-test --image "alpine:latest" --org myorg --token env:SNYK_TOKEN
```
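
A CI wrapper for the calls above, as an added example that is not part of the module: it checks the documented environment variables before invoking Dagger and passes the token only as an `env:` reference, so the secret value never appears in the command line. The helper names (`snyk_preflight`, `snyk_target_flag`, `run_scan`) and the `DAGGER` override used for dry runs are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks around the dagger-snyk calls.
# Helper names and the DAGGER override are hypothetical, not part of the module.
MODULE="github.com/rropen/dagger-snyk"

# Fail fast when the environment from the table above is unusable.
snyk_preflight() {
    [ -n "${SNYK_TOKEN:-}" ] || { echo "SNYK_TOKEN is not set" >&2; return 1; }
    # Assumption: the threshold is compared case-insensitively (the table's
    # default is "Low", its allowed values are lowercase).
    level=$(printf '%s' "${SNYK_SEVERITY_THRESHOLD:-low}" | tr '[:upper:]' '[:lower:]')
    case "$level" in
        low|medium|high|critical) return 0 ;;
        *) echo "invalid SNYK_SEVERITY_THRESHOLD: $level" >&2; return 1 ;;
    esac
}

# Map a module function to its required target flag (see the flag table).
snyk_target_flag() {
    case "$1" in
        snyk-test|snyk-code-test|snyk-iac-test) echo "--src" ;;
        snyk-container-test)                    echo "--image" ;;
        *) echo "unknown scan: $1" >&2; return 1 ;;
    esac
}

# run_scan <function> <target> [org]
run_scan() {
    scan=$1 target=${2:-} org=${3:-}
    snyk_preflight || return 1
    flag=$(snyk_target_flag "$scan") || return 1
    [ -n "$target" ] || { echo "$flag is required for $scan" >&2; return 1; }
    # The token is handed over by name (env:SNYK_TOKEN), not by value, so it
    # stays out of argv, shell history and CI job logs.
    "${DAGGER:-dagger}" call -m "$MODULE" "$scan" "$flag" "$target" \
        ${org:+--org "$org"} --token env:SNYK_TOKEN
}

# Stand-alone use: ./snyk-scan.sh snyk-iac-test . myorg
if [ "$#" -ge 2 ]; then
    run_scan "$@"
fi
```

Setting `DAGGER=echo` prints the command that would be run instead of executing it, which is a quick way to confirm the token value is absent from the arguments.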