When running a snyk command, you may want to pass additional arguments to the package manager. Two hyphens (--) indicate to snyk that the arguments that follow are to be passed through to the underlying command that is sent to the package manager.
Usage:
snyk <COMMAND> [<OPTIONS>] -- [<ARGUMENTS>]
For example, you may want to tell a Maven project to use a specific settings.xml file:
snyk test -- -s settings.xml
The snyk commands supported for this functionality are snyk test and snyk monitor.
Note: Do not use double quotes in the -- [<ARGUMENTS>].
Why did we make this change ?
This was due to a recent change that addressed CVE-2022-22984. To patch this vulnerability we have changed how we handle context specific options in the CLI, as a result wrapping these in quotes is no longer supported.
For example, command should now be:
snyk test --org=myorg -- -s settings.xml instead of snyk test --org=myorg -- "-s settings.xml"
You will now need to remove the quotes for the context specific options
EXTRA_ARGS: "-d --all-projects -- -s settings.xml". If you are adding the arguments directly to the plugin configuration, do not use quotes.
See your pipeline plugin documentation for details on passing additional arguments as the variable names are specific to the integration.