Some common issues when working behind a proxy:
- Snyk CLI requests are not going through the proxy
- Requests to app.snyk.io are blocked by the proxy
- Snyk CLI does not recognize an authorized certificate and prevents generating insecure requests
First check what are the details of your proxy. In Windows, run a ipconfig /all command and look for your proxy settings. You must retrieve the following information:
- http or https
- private IP of the proxy
- port (80, 8080 or 443 typically).
To run Snyk from behind a proxy, use an environment variable to point to your proxy.
Snyk supports a set of environment variables to enforce specific Proxy settings:
- HTTP_PROXY / http_proxy
- HTTPS_PROXY / https_proxy
- NO_PROXY / no_proxy
For example, to configure a proxy and run a Snyk test with the new proxy value, run:
$ export https_proxy=https://my.corporate.proxy:8080 $ snyk test
- The command to add an environment variable could differ between Windows CMD, Powershell, Mac terminal and Linux.
export https_proxy=valuesets a global env variable. If you prefer to set a local env variable you can useset https_proxy=valueinstead
To check if this is the case, add a debugging option to the CLI, using:
$ snyk test -d
If you see a timeout error or a econnrefused error in the request, then https://app.snyk.io may be blocked by Snyk.
To check if this is the case, you can tell Snyk to ignore insecure certificates, knowing that your proxy could be the reason for presenting a custom certificate to Snyk.
You can test this by running:
$ snyk auth --insecure $ snyk test --insecure
If the --insecure flag helps, you may want to point Snyk towards your custom CA certs more permanently by exporting them (Snyk CLI is a Node application and honors environmental variables):
$ export NODE_EXTRA_CA_CERTS=/path-to-the-ca-cert.crt
You can also try a combination of the above to resolve the issues:
$ set https_proxy=<PROXY>:PORT $ snyk auth --insecure $ snyk test -d --insecure