NAME
       snyk-container - Test container images for vulnerabilities

SYNOPSIS
       snyk container [COMMAND] [OPTIONS] [IMAGE]

DESCRIPTION
       Find vulnerabilities in your container images.

COMMANDS
       test   Test for any known vulnerabilities.

       monitor
              Record  the  state  of  dependencies  and any vulnerabilities on
              snyk.io.

OPTIONS
       --exclude-base-image-vulns
              Exclude from display base image vulnerabilities.

       --file=FILE_PATH
              Include the path to the image's Dockerfile for more detailed ad-
              vice.

       --platform=PLATFORM
              For  multi-architecture  images,  specify  the platform to test.
              [linux/amd64,   linux/arm64,    linux/riscv64,    linux/ppc64le,
              linux/s390x, linux/386, linux/arm/v7 or linux/arm/v6]

       --json Prints results in JSON format.

       --json-file-output=OUTPUT_FILE_PATH
              (only  in test command) Save test output in JSON format directly
              to the specified file, regardless of whether or not you use  the
              --json  option. This is especially useful if you want to display
              the human-readable test output via stdout and at the  same  time
              save the JSON format output to a file.

       --sarif
              Return results in SARIF format.

       --sarif-file-output=OUTPUT_FILE_PATH
              (only in test command) Save test output in SARIF format directly
              to the OUTPUT_FILE_PATH file, regardless of whether or  not  you
              use the --sarif option. This is especially useful if you want to
              display the human-readable test output via  stdout  and  at  the
              same time save the SARIF format output to a file.

       --print-deps
              Print the dependency tree before sending it for analysis.

       --project-name=PROJECT_NAME
              Specify a custom Snyk project name.

       --policy-path=PATH_TO_POLICY_FILE
              Manually pass a path to a snyk policy file.

       --severity-threshold=low|medium|high
              Only report vulnerabilities of provided level or higher.

       --username=CONTAINER_REGISTRY_USERNAME
              Specify  a  username  to use when connecting to a container reg-
              istry. This will be ignored in favour  of  local  Docker  binary
              credentials when Docker is present.

       --password=CONTAINER_REGISTRY_PASSWORD
              Specify  a  password  to use when connecting to a container reg-
              istry. This will be ignored in favour  of  local  Docker  binary
              credentials when Docker is present.

   Flags available accross all commands
       --insecure
              Ignore unknown certificate authorities.

       -d     Output debug logs.

       --quiet, -q
              Silence all output.

       --version, -v
              Prints versions.

       [COMMAND] --help, --help [COMMAND], -h
              Prints  a  help  text. You may specify a COMMAND to get more de-
              tails.

EXIT CODES
       Possible exit codes and their meaning:

       0: success, no vulns found
       1: action_needed, vulns found
       2: failure, try to re-run command
       3: failure, no supported projects detected

ENVIRONMENT
       You can set these environment variables to change CLI run settings.

       SNYK_TOKEN
              Snyk authorization token. Setting this envvar will override  the
              token that may be available in your snyk config settings.

              How to get your account token https://snyk.co/ucT6J
              How to use Service Accounts https://snyk.co/ucT6L


       SNYK_CFG_KEY
              Allows  you  to  override  any key that's also available as snyk
              config option.

              E.g. SNYK_CFG_ORG=myorg will override default org option in con-
              fig with "myorg".

       SNYK_REGISTRY_USERNAME
              Specify  a  username  to use when connecting to a container reg-
              istry. Note that using the --username flag  will  override  this
              value.  This  will  be  ignored in favour of local Docker binary
              credentials when Docker is present.

       SNYK_REGISTRY_PASSWORD
              Specify a password to use when connecting to  a  container  reg-
              istry.  Note  that  using the --password flag will override this
              value. This will be ignored in favour  of  local  Docker  binary
              credentials when Docker is present.

Connecting to Snyk API
       By default Snyk CLI will connect to https://snyk.io/api/v1.

       SNYK_API
              Sets  API  host  to use for Snyk requests. Useful for on-premise
              instances and configuring proxies. If set with http protocol CLI
              will  upgrade  the  requests  to  https. Unless SNYK_HTTP_PROTO-
              COL_UPGRADE is set to 0.

       SNYK_HTTP_PROTOCOL_UPGRADE=0
              If set to the value of 0, API requests aimed at http  URLs  will
              not  be upgraded to https. If not set, the default behavior will
              be to upgrade these requests from http to  https.  Useful  e.g.,
              for reverse proxies.

       HTTPS_PROXY and HTTP_PROXY
              Allows  you  to specify a proxy to use for https and http calls.
              The https in the HTTPS_PROXY means  that  requests  using  https
              protocol  will  use this proxy. The proxy itself doesn't need to
              use https.

NOTICES
   Snyk API usage policy
       The use of Snyk's API, whether through the use of the 'snyk' npm  pack-
       age   or   otherwise,   is   subject   to   the   terms   &  conditions
       https://snyk.co/ucT6N