Safeguard
Tag

snyk-cli

Safeguard articles tagged "snyk-cli" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Vulnerability Management

Root cause: CVE-2022-40764, the Snyk CLI command injection

A crafted vendor.json field let attackers run shell commands from inside a security scanner — CVE-2022-40764 shows why CLI tools must never build shell strings.

Jul 12, 20266 min read
Product

How the Snyk CLI's authentication flow issues and stores ...

A technical walkthrough of how Snyk's CLI authenticates via `snyk auth`, where it stores API tokens locally, and why that plaintext credential file is worth protecting.

Aug 17, 20258 min read
Industry Analysis

How the Snyk CLI's JSON output format supports custom too...

A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.

Aug 17, 20257 min read
Product

How the Snyk CLI generates SARIF output for GitHub code s...

A technical walkthrough of how the Snyk CLI serializes scan results into SARIF 2.1.0 and how GitHub code scanning ingests them into Security tab alerts.

Aug 16, 20257 min read
Product

How the Snyk CLI's --all-projects flag discovers manifest...

A technical look at how Snyk CLI's --all-projects flag walks a repository, matches manifest files, and where directory-depth limits can leave dependencies unscanned.

Aug 15, 20257 min read
Product

How the Snyk CLI handles proxy and air-gapped enterprise ...

How the Snyk CLI actually handles corporate proxies, TLS-inspecting firewalls, and air-gapped network claims — based on Snyk's own documented configuration surface.

Aug 15, 20257 min read
DevSecOps

How the Snyk CLI's exit codes are structured for CI/CD fa...

A mechanical look at how the Snyk CLI's 0/1/2/3 exit codes work, how --severity-threshold and --fail-on change them, and how to branch on them correctly in CI/CD.

Aug 15, 20257 min read
Product

How Snyk's --project-tags and business-criticality flags ...

How Snyk CLI's --project-tags and --project-business-criticality flags attach business context to scans, and why that context can drift out of date.

Aug 14, 20257 min read
snyk-cli — Safeguard Blog