diff --git a/help/cli-commands/container-sbom.md b/help/cli-commands/container-sbom.md index 2fed7ababd..bb6f842b7f 100644 --- a/help/cli-commands/container-sbom.md +++ b/help/cli-commands/container-sbom.md @@ -10,7 +10,7 @@ The `snyk container sbom` feature requires an internet connection. ## Usage -`$ snyk container sbom --format= [--org=] [--platform=] [--exclude-app-vulns] ` +`$ snyk container sbom --format= [--org=] [--platform=] [--exclude-app-vulns] [--exclude-node-modules] [--nested-jars-depth=] [--username=] [--password=] ` ## Description @@ -47,7 +47,7 @@ Use this option when your default Organization does not have API entitlement. If this option is omitted, the default Organization for your account will be used. -This is the `` that is the current preferred Organization in your [Account settings](https://app.snyk.io/account) +This is the `` that is the current preferred Organization in your [Account settings](https://app.snyk.io/account) Set a default to ensure all newly tested projects are tested under your default Organization. If you need to override the default, use the `--org=` option. 
@@ -73,6 +73,26 @@ You can disable generation for application dependencies by adding `--exclude-app For more information about application scanning, see [Detect application vulnerabilities in container images](https://docs.snyk.io/scan-using-snyk/snyk-container/use-snyk-container-from-the-web-ui/detect-application-vulnerabilities-in-container-images) +### `[--exclude-node-modules]` + +Allow disabling the scan of `node_modules` directories inside node.js container images. + +In CLI versions v1.1292.0 and higher, `node_modules` scanning is enabled by default. + +When `node_modules` scanning is disabled, Snyk reports vulnerabilities for npm projects sourced from application file pairs: `[package.json, package-lock.json], [package.json, yarn.lock]`. + +### `[--nested-jars-depth=]` + +When `app-vulns` is enabled, use the `--nested-jars-depth=n` option to set how many levels of nested jars Snyk is to unpack. Depth must be a number. + +### `[--username=]` + +Specify a username to use when connecting to a container registry. This is ignored in favor of local Docker binary credentials when Docker is present. + +### `[--password=]` + +Specify a password to use when connecting to a container registry. This is ignored in favor of local Docker binary credentials when Docker is present. + ### `` Required. The image for which you will generate an SBOM document. diff --git a/help/cli-commands/monitor.md b/help/cli-commands/monitor.md index 61920f5af9..36ddb2b8c6 100644 --- a/help/cli-commands/monitor.md +++ b/help/cli-commands/monitor.md 
@@ -331,7 +331,7 @@ This is useful when you have multiple projects with the same name in other `.sln **Note:** This option in in Early Access and may change until it is released. -Required. You must use this option when you test .NET projects using [Runtime Resolution Scanning](../../../supported-languages/supported-languages-list/.net/improved-.net-scanning.md) +Required. You must use this option when you test .NET projects using [Runtime Resolution Scanning](/broken/pages/PvXOZ1NqIqQz46Zk799z) Example: `snyk test --dotnet-runtime-resolution` diff --git a/help/cli-commands/redteam.md b/help/cli-commands/redteam.md index edf2e0958e..c894907e8b 100644 --- a/help/cli-commands/redteam.md +++ b/help/cli-commands/redteam.md @@ -47,6 +47,26 @@ Default: redteam.yaml in the current working directory. Optional. Save the output as a JSON to the specified file path. +### `--html` + +Optional. Print the red teaming report in HTML format to stdout instead of JSON. The generated report is a self-contained HTML file with embedded CSS and JavaScript that can be viewed in any browser. + +Example: `$ snyk redteam --experimental --html > report.html` + +### `--html-file-output=` + +Optional. Save the HTML report to the specified file path, regardless of whether or not you use the `--html` option. + +Use to display the default JSON output using stdout and at the same time save the HTML report to a file. + +Example: `$ snyk redteam --experimental --html-file-output=report.html` + +### `--scanning-agent-id=` + +Optional. Specify the scanning agent ID to use for the scan. This overrides the `scanning_agent` value in the configuration file. + +Example: `$ snyk redteam --experimental --scanning-agent-id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` + ## Configuration file If you do not specify a configuration file with `--config=`, the tool searches for `redteam.yaml` in the current working directory by default. 
@@ -186,7 +206,7 @@ Note that the scanning agent is scoped to the user and Organization, meaning tha snyk redteam scanning-agent create --experimental ``` -2. Copy the output and spin the scanning agent container with `docker run ...` +2. Copy the output and spin the scanning agent container with `docker run ...` 3. Update your [configuration](redteam.md#configuration-file) to point to a target your internal scanning agent container can reach, for example, `host.docker.internal` (if testing locally). 4. Add the `scanning_agent` option to the [options](redteam.md#options-object) field in the [configuration](redteam.md#configuration-file) 5. Run the scan:
@@ -232,8 +252,8 @@ https://github.com/Probely/farcaster-onprem-agent Notes: -- Ensure to copy the `Agent Token`, store it securely, and follow the instructions. -- You are limited to three scanning agents per user and Organization. +- Ensure to copy the `Agent Token`, store it securely, and follow the instructions. +- You are limited to three scanning agents per user and Organization. #### Specifying the name (optional) @@ -278,7 +298,7 @@ snyk redteam scanning-agent delete --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --e ### Running a scan with an agent -To run a scan with an agent you have two options: specifying `scanning_agent` in the configuration [options](redteam.md#options-object) or passing `--scanning-agent-id` flag to the `redteam` command. +To run a scan with an agent you have two options: specifying `scanning_agent` in the configuration [options](redteam.md#options-object) or passing `--scanning-agent-id` flag to the `redteam` command. #### Running using the CLI @@ -303,6 +323,16 @@ Note: This method takes precedence over other specific methods. snyk redteam --experimental ``` +## Get scan results + +You can retrieve the results of individual scans. To retrieve scan results, run the following command: + +```bash +snyk redteam --experimental get --id= +``` + +This command accepts the same options as the `snyk redteam --experimental` command. + ## Supported vulnerabilities The following vulnerabilities ids are supported: diff --git a/help/cli-commands/test.md b/help/cli-commands/test.md index 5b76401688..6632ac8719 100644 --- a/help/cli-commands/test.md +++ b/help/cli-commands/test.md 
@@ -362,18 +362,8 @@ This is useful when you have multiple projects with the same name in other `.sln ## Options for .NET projects -### `--dotnet-runtime-resolution` - -**Note:** This option in Early Access and may change until it is released. - -Required. You must use this option when you test .NET projects using [Runtime Resolution Scanning](../../../supported-languages/supported-languages-list/.net/improved-.net-scanning.md) - -Example: `snyk test --dotnet-runtime-resolution` - ### `--dotnet-target-framework` -**Note:** This option in Early Access and may change until it is released. - Optional. You may use this option if your solution contains multiple `` directives. If you do not specify the option `--dotnet-target-framework`, all supported Target Frameworks will be scanned. The Target Framework specified with this option should be defined following the standard [naming convention](https://learn.microsoft.com/en-us/dotnet/standard/frameworks#supported-target-frameworks)
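Review bot: In help/cli-commands/container-sbom.md, hunk `@@ -73,6 +73,26 @@`, the new `--password=` section documents passing a registry password as a command-line argument but does not mention that arguments end up in shell history and process listings. Suggest adding a sentence on that exposure. Both `--username` and `--password` are described as "ignored in favor of local Docker binary credentials when Docker is present", so the text should also say how a user can tell which credentials were actually used. Two smaller points in the same hunk: `--exclude-node-modules` opens with "Allow disabling the scan of", where "Disables scanning of" would match the other option descriptions, and `--nested-jars-depth` says "Depth must be a number" without giving the default or the accepted range.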
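Review bot: In help/cli-commands/monitor.md, hunk `@@ -331,7 +331,7 @@`, the Runtime Resolution Scanning link now points to `/broken/pages/PvXOZ1NqIqQz46Zk799z`, which reads like an unresolved link placeholder from the docs export rather than a real target. Please restore a working link before merging. While touching this section, the context line "This option in in Early Access" has a doubled word, and the example in the monitor help reads `snyk test --dotnet-runtime-resolution` rather than `snyk monitor`.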
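Review bot: In help/cli-commands/redteam.md, hunk `@@ -47,6 +47,26 @@`, the `--html-file-output=` section has a sentence with no subject ("Use to display the default JSON output using stdout and at the same time save the HTML report to a file."); suggest "Use this option to ...". The interaction between `--html`, `--html-file-output` and the existing JSON file output option is only implied by "regardless of whether or not you use the `--html` option"; a short statement of what goes to stdout and what goes to each file when the options are combined, and whether an existing file is overwritten, would remove the guesswork.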
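Review bot: In help/cli-commands/redteam.md, hunk `@@ -303,6 +323,16 @@`, the new "Get scan results" command is written `snyk redteam --experimental get --id=`, with `--experimental` before the subcommand, while the surrounding context uses `snyk redteam scanning-agent create --experimental` and `scanning-agent delete --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`, with the flag after the subcommand and a space-separated ID. Please use one form throughout, or state that both are accepted. The section also does not say where the scan ID comes from, and "accepts the same options as the `snyk redteam --experimental` command" should say whether that includes the `--html` and `--html-file-output` options added earlier in this patch.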
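Review bot: In help/cli-commands/test.md, hunk `@@ -362,18 +362,8 @@`, the whole `--dotnet-runtime-resolution` section is removed, but the monitor.md hunk in this same patch keeps the option, still marks it "Required", and still shows `snyk test --dotnet-runtime-resolution` as its example. If the option was dropped from `snyk test`, the monitor help now points users at a command form that is no longer documented; if it was not dropped, this removal loses documentation. Please reconcile the two files, and confirm that removing the Early Access note from `--dotnet-target-framework` is intended.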