Official Snyk CLI for testing dependencies, code, containers, and IaC for vulnerabilities, policy issues, and ongoing monitoring.
$ brew tap snyk/tap && brew install snyk
Agent Compatibility
JSON Output
Agent Skill
MCP Support
AI Analysis
Snyk CLI is Snyk's shell interface for testing software projects, container images, and infrastructure definitions against Snyk's vulnerability and policy data. It also snapshots projects for ongoing monitoring and exposes newer SBOM, AI-BOM, and AI red-team workflows when those products are enabled.
What It Enables
- Test dependency manifests, source code, container images, and IaC files locally or in CI, then filter or export findings for gating and remediation.
- Snapshot projects to Snyk with `monitor`, attach repo and project metadata, and keep receiving new-vulnerability alerts after the initial scan.
- Generate SBOMs, detect unmanaged cloud resources with `iac describe`, and run newer AI-BOM or red-team scans for supported environments.
Agent Fit
- Core scan commands are non-interactive and return distinct exit codes for clean results, findings, and failures, which fits CI and agent retry loops.
- JSON and SARIF output are available across `test`, `code test`, `container test`, `iac test`, `monitor`, and `iac describe`, so follow-up parsing is straightforward.
- The repo also ships first-party MCP-related support such as `mcp-scan`, but the main automation value is still direct CLI use against Snyk scans and reports.
Caveats
- Most real workflows require Snyk authentication, internet access, and in some cases paid or experimental features rather than a fully local scan.
- Open source and some ecosystem scans may invoke package managers or project builds, so the relevant tooling must already be installed and trusted.