Some common issues when working behind a proxy are:
- Snyk CLI requests are not going through the proxy.
- Requests to app.snyk.io are blocked by the proxy.
- Snyk CLI does not recognize an authorized certificate and prevents generating insecure requests.
First, check what the details of your proxy are. In Windows, run an
ipconfig /all command and look for your proxy settings. You must retrieve the following information:
- HTTP or HTTPS
- private IP of the proxy
- port (80, 8080, or 443 typically)
To run Snyk from behind a proxy, use an environment variable to point to your proxy.
Snyk supports a set of environment variables to enforce specific proxy settings:
- HTTP_PROXY / http_proxy
- HTTPS_PROXY / https_proxy
- NO_PROXY / no_proxy
For example, to configure a proxy and run a Snyk test with the new proxy value, run:
$ export https_proxy=https://my.corporate.proxy:8080 $ snyk test
- The command to add an environment variable may differ among Windows CMD, Powershell, Mac terminal, and Linux.
export https_proxy=valuesets a global env variable. If you prefer to set a local env variable you can use
To check if this is the case, add a debugging option to the CLI, using:
$ snyk test -dIf you see a timeout error or a econnrefused error in the request, then https://app.snyk.io may be blocked by the proxy.
To check if this is the case, you can tell Snyk to ignore insecure certificates, knowing that your proxy could be the reason for presenting a custom certificate to Snyk.
You can test this by running:
$ snyk auth --insecure $ snyk test --insecure
--insecure flag helps, you may want to point Snyk towards your custom CA certs more permanently by exporting them as follows. Snyk CLI is a Node application and honors environment variables.
$ export NODE_EXTRA_CA_CERTS=/path-to-the-ca-cert.crt
You can also try a combination of the above to resolve the issues:
$ set https_proxy=<PROXY>:PORT $ snyk auth --insecure $ snyk test -d --insecure
Enforce HTTP instead of HTTPS
Note that if set with the HTTP protocol the CLI upgrades the requests to HTTPS unless
SNYK_HTTP_PROTOCOL_UPGRADE is set to
If the HTTP protocol is set to the value of 0, the CLI (or API) requests aimed at HTTP URLs are not upgraded to HTTPS. If the HTTP protocol is not set, the default behavior is to upgrade these requests from HTTP to HTTPS.
In this case, the series of commands to run a test with Snyk would look like this:
export HTTPS_PROXY=http://127.0.0.1:8866 export SNYK_HTTP_PROTOCOL_UPGRADE=0 snyk test