Snykctl
A command line tool for interacting with the Snyk API.
Installation
Precompiled executables are available Linux and macOS environments. These are available from Releases. You can grab those quickly with wget
like so for Linux:
wget -o snykctl https://github.com/garethr/snykctl/releases/download/v0.1.0/snykctl_v0.1.0_linux-amd64
chmod +x snykctl
And for macOS:
wget -o snykctl https://github.com/garethr/snykctl/releases/download/v0.1.0/snykctl_v0.1.0_darwin-amd64
chmod +x snykctl
Usage
Using the API requires a valid API token to be set in the SNYK_TOKEN
environment variable. The Snyk API is
enabled for all Snyk customers.
$ snykctl
snykctl - Command line tool for interacting with the Snyk API
Usage:
snykctl [command] [arguments]
Commands:
api [path ...] Make Snyk API requests and print raw responses
help [command] Help about any command.
Flags:
-h, --help Help for this command.
At the moment snykctl
has one subcommand, api
, which provides very low level access to the API.
List organizations API:
$ snykctl api orgs | jq
{
"orgs": [
{
"name": "some-org",
"id": "e1fde430-36f8-43a5-bd6b-7be6ss99b42b8",
"slug": "some-org",
"url": "https://app.snyk.io/org/some-org",
"group": null
},
]
}
The List members API:
$ snykctl api org e1fde430-36f8-43a5-bd6b-7be6ss99b42b membersxx
[
{
"id": "e5e77afc-4ffb-4adc-a450-efd634sds0a3",
"username": "someone",
"name": "Some One",
"email": "[email protected]",
"role": "admin"
}
]
The Test requirements file API:
$ snykctl api -m post --data fixtures/data.json test pip "?org=e1fde430-36f8-43a5-bd6b-7be6ss99b42"
{
"ok": false,
"issues": {
"vulnerabilities": [
{
"id": "SNYK-PYTHON-FLASK-42185",
"url": "https://snyk.io/vuln/SNYK-PYTHON-FLASK-42185",
"title": "Improper Input Validation",
"type": "vuln",
"description": "## Overview\n[flask](https://pypi.org/project/Flask/) is a lightweight WSGI web application framework.\n\nAffected versions of this package are vulnerable to Improper Input Validation. It did not detect the encoding of incoming JSON data as one of the supported UTF encodings, and allowed arbitrary encodings from the request.\n\n## Remediation\nUpgrade `flask` to version 0.12.3 or higher.\n\n## References\n- [GitHub PR](https://github.com/pallets/flask/pull/2691)\n- [GitHub Release Tag](https://github.com/pallets/flask/releases/tag/0.12.3)\n",
"from": [
"[email protected]"
],
"package": "flask",
"version": "0.12",
"severity": "high",
"exploitMaturity": "no-known-exploit",
"language": "python",
"packageManager": "pip",
"semver": {
"vulnerable": [
"[,0.12.3)"
]
},
"publicationTime": "2018-08-21T14:16:13.738000Z",
"disclosureTime": "2018-04-10T19:12:29.035000Z",
"isUpgradable": false,
"isPatchable": false,
"isPinnable": true,
"identifiers": {
"CVE": [
"CVE-2018-1000656"
],
"CWE": [
"CWE-20"
]
},
"credit": [
"Unknown"
],
"CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cvssScore": 7.5,
"patches": [],
"upgradePath": []
},
...
All methods of the API should be accessible by passing:
- The HTTP method for the API call with
--method
- Any required data, using
--data
. This accepts raw data or a path to a file
If you run into problems then --debug
provides more details about the requests made that may help identify the issue.