NAME
       snyk-iac - Find security issues in your Infrastructure as Code files

SYNOPSIS
       snyk iac [COMMAND] [OPTIONS] PATH

DESCRIPTION
       Find security issues in your Infrastructure as Code files.

       For more information see IaC help page https://snyk.co/ucT6Q

COMMANDS
       test   Test for any known issue.

OPTIONS
       --detection-depth=DEPTH
              (only in test command)
              Indicate  the  maximum depth of sub-directories to search. DEPTH
              must be a number.

              Default: No Limit
              Example: --detection-depth=3
              Will limit search to provided directory (or current directory if
              no PATH provided) plus two levels of subdirectories.

       --severity-threshold=low|medium|high
              Only report vulnerabilities of provided level or higher.

       --json Prints results in JSON format.

       --json-file-output=OUTPUT_FILE_PATH
              (only  in test command) Save test output in JSON format directly
              to the specified file, regardless of whether or not you use  the
              --json  option. This is especially useful if you want to display
              the human-readable test output via stdout and at the  same  time
              save the JSON format output to a file.

       --sarif
              Return results in SARIF format.

       --sarif-file-output=OUTPUT_FILE_PATH
              (only in test command) Save test output in SARIF format directly
              to the OUTPUT_FILE_PATH file, regardless of whether or  not  you
              use the --sarif option. This is especially useful if you want to
              display the human-readable test output via  stdout  and  at  the
              same time save the SARIF format output to a file.

       --experimental
              (only  in  test  command) Enable an experimental feature to scan
              configuration files locally on your machine. This  feature  also
              gives you the ability to scan terraform plan JSON files.

   Flags available accross all commands
       --insecure
              Ignore unknown certificate authorities.

       -d     Output debug logs.

       --quiet, -q
              Silence all output.

       --version, -v
              Prints versions.

       [COMMAND] --help, --help [COMMAND], -h
              Prints  a  help  text. You may specify a COMMAND to get more de-
              tails.

EXAMPLES
       For more information see IaC help page https://snyk.co/ucT6Q

       Test kubernetes file
              $ snyk iac test /path/to/Kubernetes.yaml

       Test terraform file
              $ snyk iac test /path/to/terraform_file.tf

       Test terraform plan file
              $ snyk iac test /path/to/tf-plan.json --experimental

       Test matching files in a directory
              $ snyk iac test /path/to/directory

EXIT CODES
       Possible exit codes and their meaning:

       0: success, no vulns found
       1: action_needed, vulns found
       2: failure, try to re-run command
       3: failure, no supported projects detected

ENVIRONMENT
       You can set these environment variables to change CLI run settings.

       SNYK_TOKEN
              Snyk authorization token. Setting this envvar will override  the
              token that may be available in your snyk config settings.

              How to get your account token https://snyk.co/ucT6J
              How to use Service Accounts https://snyk.co/ucT6L


       SNYK_CFG_KEY
              Allows  you  to  override  any key that's also available as snyk
              config option.

              E.g. SNYK_CFG_ORG=myorg will override default org option in con-
              fig with "myorg".

       SNYK_REGISTRY_USERNAME
              Specify  a  username  to use when connecting to a container reg-
              istry. Note that using the --username flag  will  override  this
              value.  This  will  be  ignored in favour of local Docker binary
              credentials when Docker is present.

       SNYK_REGISTRY_PASSWORD
              Specify a password to use when connecting to  a  container  reg-
              istry.  Note  that  using the --password flag will override this
              value. This will be ignored in favour  of  local  Docker  binary
              credentials when Docker is present.

Connecting to Snyk API
       By default Snyk CLI will connect to https://snyk.io/api/v1.

       SNYK_API
              Sets  API  host  to use for Snyk requests. Useful for on-premise
              instances and configuring proxies. If set with http protocol CLI
              will  upgrade  the  requests  to  https. Unless SNYK_HTTP_PROTO-
              COL_UPGRADE is set to 0.

       SNYK_HTTP_PROTOCOL_UPGRADE=0
              If set to the value of 0, API requests aimed at http  URLs  will
              not  be upgraded to https. If not set, the default behavior will
              be to upgrade these requests from http to  https.  Useful  e.g.,
              for reverse proxies.

       HTTPS_PROXY and HTTP_PROXY
              Allows  you  to specify a proxy to use for https and http calls.
              The https in the HTTPS_PROXY means  that  requests  using  https
              protocol  will  use this proxy. The proxy itself doesn't need to
              use https.

NOTICES
   Snyk API usage policy
       The use of Snyk's API, whether through the use of the 'snyk' npm  pack-
       age   or   otherwise,   is   subject   to   the   terms   &  conditions
       https://snyk.co/ucT6N