snyk · team-cli-bot · Feb 24, 2026
@@ -10,7 +10,7 @@ The `snyk container sbom` feature requires an internet connection.
 
 ## Usage
 
-`$ snyk container sbom --format=<cyclonedx1.4+json|cyclonedx1.4+xml|cyclonedx1.5+json|cyclonedx1.5+xml|cyclonedx1.6+json|cyclonedx1.6+xml|spdx2.3+json> [--org=<ORG_ID>] [--platform=<PLATFORM>] [--exclude-app-vulns] <IMAGE>`
+`$ snyk container sbom --format=<cyclonedx1.4+json|cyclonedx1.4+xml|cyclonedx1.5+json|cyclonedx1.5+xml|cyclonedx1.6+json|cyclonedx1.6+xml|spdx2.3+json> [--org=<ORG_ID>] [--platform=<PLATFORM>] [--exclude-app-vulns] [--exclude-node-modules] [--nested-jars-depth=<DEPTH>] [--username=<CONTAINER_REGISTRY_USERNAME>] [--password=<CONTAINER_REGISTRY_PASSWORD>] <IMAGE>`
 
 ## Description
 
@@ -47,7 +47,7 @@ Use this option when your default Organization does not have API entitlement.
 
 If this option is omitted, the default Organization for your account will be used.
 
-This is the `<ORG_ID>` that is the current preferred Organization in your [Account settings](https://app.snyk.io/account)&#x20;
+This is the `<ORG_ID>` that is the current preferred Organization in your [Account settings](https://app.snyk.io/account)
 
 Set a default to ensure all newly tested projects are tested under your default Organization. If you need to override the default, use the `--org=<ORG_ID>` option.
 
@@ -73,6 +73,26 @@ You can disable generation for application dependencies by adding `--exclude-app
 
 For more information about application scanning, see [Detect application vulnerabilities in container images](https://docs.snyk.io/scan-using-snyk/snyk-container/use-snyk-container-from-the-web-ui/detect-application-vulnerabilities-in-container-images)
 
+### `[--exclude-node-modules]`
+
+Allow disabling the scan of `node_modules` directories inside node.js container images.&#x20;
+
+In CLI versions v1.1292.0 and higher, `node_modules` scanning is enabled by default.
+
+When `node_modules` scanning is disabled, Snyk reports vulnerabilities for npm projects sourced from application file pairs: `[package.json, package-lock.json], [package.json, yarn.lock]`.
+
+### `[--nested-jars-depth=<DEPTH>]`
+
+When `app-vulns` is enabled, use the `--nested-jars-depth=n` option to set how many levels of nested jars Snyk is to unpack. Depth must be a number.
+
+### `[--username=<CONTAINER_REGISTRY_USERNAME>]`
+
+Specify a username to use when connecting to a container registry. This is ignored in favor of local Docker binary credentials when Docker is present.
+
+### `[--password=<CONTAINER_REGISTRY_PASSWORD>]`
+
+Specify a password to use when connecting to a container registry. This is ignored in favor of local Docker binary credentials when Docker is present.
+
 ### `<IMAGE>`
 
 Required. The image for which you will generate an SBOM document.

@@ -331,7 +331,7 @@ This is useful when you have multiple projects with the same name in other `.sln
 
 **Note:** This option in in Early Access and may change until it is released.
 
-Required. You must use this option when you test .NET projects using [Runtime Resolution Scanning](../../../supported-languages/supported-languages-list/.net/improved-.net-scanning.md)
+Required. You must use this option when you test .NET projects using [Runtime Resolution Scanning](/broken/pages/PvXOZ1NqIqQz46Zk799z)
 
 Example: `snyk test --dotnet-runtime-resolution`
 

@@ -47,6 +47,26 @@ Default: redteam.yaml in the current working directory.
 
 Optional. Save the output as a JSON to the specified file path.
 
+### `--html`
+
+Optional. Print the red teaming report in HTML format to stdout instead of JSON. The generated report is a self-contained HTML file with embedded CSS and JavaScript that can be viewed in any browser.
+
+Example: `$ snyk redteam --experimental --html > report.html`
+
+### `--html-file-output=<PATH>`
+
+Optional. Save the HTML report to the specified file path, regardless of whether or not you use the `--html` option.
+
+Use to display the default JSON output using stdout and at the same time save the HTML report to a file.
+
+Example: `$ snyk redteam --experimental --html-file-output=report.html`
+
+### `--scanning-agent-id=<UUID>`
+
+Optional. Specify the scanning agent ID to use for the scan. This overrides the `scanning_agent` value in the configuration file.
+
+Example: `$ snyk redteam --experimental --scanning-agent-id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
+
 ## Configuration file
 
 If you do not specify a configuration file with `--config=<PATH>`, the tool searches for `redteam.yaml` in the current working directory by default.
@@ -186,7 +206,7 @@ Note that the scanning agent is scoped to the user and Organization, meaning tha
     snyk redteam scanning-agent create --experimental
     ```
 
-2.  Copy the output and spin the scanning agent container with `docker run ...`&#x20;
+2.  Copy the output and spin the scanning agent container with `docker run ...`
 3.  Update your [configuration](redteam.md#configuration-file) to point to a target your internal scanning agent container can reach, for example, `host.docker.internal` (if testing locally).
 4.  Add the `scanning_agent` option to the [options](redteam.md#options-object) field in the [configuration](redteam.md#configuration-file)
 5.  Run the scan:<br>
@@ -232,8 +252,8 @@ https://github.com/Probely/farcaster-onprem-agent
 
 Notes:
 
-- Ensure to copy the `Agent Token`, store it securely, and follow the instructions.&#x20;
-- You are limited to three scanning agents per user and Organization.&#x20;
+- Ensure to copy the `Agent Token`, store it securely, and follow the instructions.
+- You are limited to three scanning agents per user and Organization.
 
 #### Specifying the name (optional)
 
@@ -278,7 +298,7 @@ snyk redteam scanning-agent delete --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --e
 
 ### Running a scan with an agent
 
-To run a scan with an agent you have two options: specifying `scanning_agent` in the configuration [options](redteam.md#options-object) or passing `--scanning-agent-id` flag to the `redteam` command.&#x20;
+To run a scan with an agent you have two options: specifying `scanning_agent` in the configuration [options](redteam.md#options-object) or passing `--scanning-agent-id` flag to the `redteam` command.
 
 #### Running using the CLI
 
@@ -303,6 +323,16 @@ Note: This method takes precedence over other specific methods.
     snyk redteam --experimental
     ```
 
+## Get scan results
+
+You can retrieve the results of individual scans. To retrieve scan results, run the following command:
+
+```bash
+snyk redteam --experimental get --id=<your-previous-scan-id>
+```
+
+This command accepts the same options as the `snyk redteam --experimental` command.
+
 ## Supported vulnerabilities
 
 The following vulnerabilities ids are supported:

@@ -362,18 +362,8 @@ This is useful when you have multiple projects with the same name in other `.sln
 
 ## Options for .NET projects
 
-### `--dotnet-runtime-resolution`
-
-**Note:** This option in Early Access and may change until it is released.
-
-Required. You must use this option when you test .NET projects using [Runtime Resolution Scanning](../../../supported-languages/supported-languages-list/.net/improved-.net-scanning.md)
-
-Example: `snyk test --dotnet-runtime-resolution`
-
 ### `--dotnet-target-framework`
 
-**Note:** This option in Early Access and may change until it is released.
-
 Optional. You may use this option if your solution contains multiple `<TargetFramework>` directives. If you do not specify the option `--dotnet-target-framework`, all supported Target Frameworks will be scanned.
 
 The Target Framework specified with this option should be defined following the standard [naming convention](https://learn.microsoft.com/en-us/dotnet/standard/frameworks#supported-target-frameworks)