Some of your projects may contain multiple manifest files, that is, be in a monorepo. By default, snyk scans only one manifest file at a time. However, there is an argument that you can pass to the CLI to enable scanning of all manifest files.
To test all detected manifest files use the following command:
snyk test --all-projects
SnyK CLI version 1.275.0 and higher support auto-detection of manifest files in sub-directories.
To search sub-directories run snyk test
or snyk monitor
using the following options:
--all-projects
to auto-detect all projects in the working directory
--detection-depth=<number>
to search the specified levels of sub directories
To exclude specified sub-directories when running snyk test
or snyk monitor
with --all projects
, use the following option:
--exclude=<comma separated list of directory names>
The --exclude
option can be used with --detection-depth
to ignore directories at any level deep.
You can apply a common policy to all scanned manifest files by maintaining a central .snyk
policy file for ignores
if all the manifests being scanned are part of the same project. Use the following command to provide the .snyk
path as a parameter:
snyk test --all-projects --policy-path=src/lib/.snyk
This feature is available for all supported package managers.
Note: Gradle scans all root level project build.gradle
files with implied--all-sub-projects
You can test a specific a manifest file. Specify the file with the --file
option.
You can use the --project-name
option to rename this project when you run snyk monitor
, for example:
snyk monitor --org=myOrgName --file=package.json --project-name=myapp-frontend
snyk monitor --org=myOrgName --file=build.sbt --project-name=myapp-backend