Some of your projects may contain multiple manifest files, that is, be in a monorepo. By default, snyk scans only one manifest file at a time. However, there is an argument that you can pass to the CLI to enable scanning of all manifest files.
To test all detected manifest files use the following command:
snyk test --all-projects
SnyK CLI version 1.275.0 and higher support auto-detection of manifest files in sub-directories.
To search sub-directories run
snyk test or
snyk monitor using the following options:
--all-projects to auto-detect all projects in the working directory
--detection-depth=<number> to search the specified levels of sub directories
To exclude specified sub-directories when running
snyk test or
snyk monitor with
--all projects, use the following option:
--exclude=<comma separated list of directory names>
--exclude option can be used with
--detection-depth to ignore directories at any level deep.
You can apply a common policy to all scanned manifest files by maintaining a central
.snyk policy file for
ignores if all the manifests being scanned are part of the same project. Use the following command to provide the
.snyk path as a parameter:
snyk test --all-projects --policy-path=src/lib/.snyk
This feature is available for all supported package managers.
Note: Gradle scans all root level project
build.gradle files with implied
You can test a specific a manifest file. Specify the file with the
You can use the
--project-name option to rename this project when you run
snyk monitor, for example:
snyk monitor --org=myOrgName --file=package.json --project-name=myapp-frontend
snyk monitor --org=myOrgName --file=build.sbt --project-name=myapp-backend