Problem:
When running snyk CLI functions, for example snyk auth
or snyk test
, especially if running Snyk within a container (eg a pipeline test), the process may fail. Initially the error may show as
An unknown error occurred. Please run with `-d` and include full trace when reporting to Snyk
When running the function with -d
(debug) option, the error shown is:
Cannot read TLS response from mitm'd server x509: certificate signed by unknown authority
Discussion:
Snyk CLI relies on the operating system's CA Certificates.
The CLI processes may fail if the operating system CA certificates are out of date.
Resolution:
For Linux OS which use apt-get:
- Add a
apt-get install -y ca-certificates
step before running snyk in your pipeline - If you are running your own image, this can be added in a RUN step within the Dockerfile, after which you will need to build a new image.
If you are using a snyk image - for example snyk/snyk:linux - or a different OS type, please raise a ticket with support and provide debug logs plus the reference to this article.