Testing archives
As well as testing images from a local Docker daemon or remote registry, Snyk can also directly test or monitor a Docker or OCI archive.
snyk container test docker-archive:archive.tar snyk container test oci-archive:archive.tar
Testing multi-platform images
Some repositories represent multi-manifests, pointing to several different images depending on the operating system and architecture required. The Snyk Container CLI can be used to explicitly test an image for a specific platform:
snyk container test --platform=linux/arm64 debian
The --platform flag should contain one of:
- linux/amd64
- linux/arm64
- linux/riscv64
- linux/ppc64le
- linux/s390x
- linux/386
- linux/arm/v7
- linux/arm/v
Common additional options
Some useful CLI options include:
|
|
Output the results as a JSON document, useful for integrating with other tools |
|
|
Output the results as a SARIF document, useful for integrating with other tools. Note this requires the test to be run with --file as well |
|
|
Don’t show vulnerabilities only introduced by the base image |
|
|
Only show a subset of vulnerabilities which match the severity or higher |
For a full list of options, access the Snyk help information:
snyk container --help