There are various commands you can use with Snyk on the command line and they all do different things.
snyk test will test your dependencies for vulnerabilities and tell you how many vulnerabilities are found. It will return a non-zero exit code which will cause a build to fail when run inside of CI environments (depending on how the CI tool is configured)
snyk protect is used to apply patches to your vulnerable dependencies. It's useful after opening a fix pull request from our website (GitHub only) or after running
snyk wizard on the CLI.
snyk protect reads a
.snyk policy file to determine what patches to apply.
snyk monitor can be used from the CLI to create a project on the Snyk website that will be continuously monitored for new vulnerabilities. After running this command you will see it by logging in to the website and viewing Your projects. You should run this command regularly in order to update the dependencies for your project. Consider running it as part of your build process after running
snyk test, that way we will always know what dependencies you have and can notify you when any of them become vulnerable.