Some common issues when working behind a proxy:
- Snyk CLI requests are not going through the proxy
- Requests to app.snyk.io are blocked by the proxy
- Snyk CLI does not recognize an authorized certificate and prevents generating insecure requests
First check what are the details of your proxy. In Windows, run a ipconfig /all command and look for your proxy settings. You must retrieve the following information:
- http or https
- private IP of the proxy
- port (80, 8080 or 443 typically).
To run Snyk from behind a proxy, use an environment variable to point to your proxy.
Snyk supports a set of environment variables to enforce specific Proxy settings:
- HTTP_PROXY / http_proxy
- HTTPS_PROXY / https_proxy
- NO_PROXY / no_proxy
For example, to configure a proxy and run a Snyk test with the new proxy value, run:
$ export https_proxy=https://my.corporate.proxy:8080 $ snyk test
- The command to add an environment variable could differ between Windows CMD, Powershell, Mac terminal and Linux.
export https_proxy=valuesets a global env variable. If you prefer to set a local env variable you can useset https_proxy=valueinstead
To check if this is the case, add a debugging option to the CLI, using:
$ snyk test -d
If you see a timeout error or a econnrefused error in the request, then https://app.snyk.io may be blocked by the proxy.
To check if this is the case, you can tell Snyk to ignore insecure certificates, knowing that your proxy could be the reason for presenting a custom certificate to Snyk.
You can test this by running:
$ snyk auth --insecure $ snyk test --insecure
If the --insecure flag helps, you may want to point Snyk towards your custom CA certs more permanently by exporting them (Snyk CLI is a Node application and honors environmental variables):
$ export NODE_EXTRA_CA_CERTS=/path-to-the-ca-cert.crt
You can also try a combination of the above to resolve the issues:
$ set https_proxy=<PROXY>:PORT $ snyk auth --insecure $ snyk test -d --insecure