# Snyk

Execute Snyk CLI commands for security scanning.

## YAML Parameters

```typescript
/**
 * Parameters accepted by a `SNYK_CLI` action in a pipeline YAML definition.
 *
 * `integration`, `execute_commands`, `type` and `action` are required; every
 * other field is optional.
 */
interface YAMLParameters {
  /**
   * Snyk integration (SNYK) the action uses; the example on this page passes an integration name.
   * NOTE(review): presumably the Snyk credential is held by the integration, so no token has to
   * appear in the YAML itself — confirm.
   */
  integration: string;
  /**
   * List of shell commands to execute.
   * Each entry is run by the selected `shell`, so any variable expanded inside a command is
   * interpreted as shell syntax. Quote expansions of values that can be set from outside the
   * pipeline definition.
   */
  execute_commands: string[];
  /** Discriminator for this action kind; always the literal "SNYK_CLI". */
  type: "SNYK_CLI";
  /** Unique identifier for the action within the pipeline. */
  action: string;
  /**
   * Shell to use for executing commands: BASH (default), SH, or ZSH.
   * NOTE(review): the description names ZSH, but the declared union is SH | BASH | POWERSHELL —
   * confirm which values are actually accepted.
   */
  shell?: "SH" | "BASH" | "POWERSHELL";
  /**
   * Commands to run before the main commands (e.g., for installing dependencies).
   * The same shell-interpretation caveat as `execute_commands` applies.
   */
  setup_commands?: string[];
  /**
   * Version of the CLI tool. The example on this page uses "node-16".
   * Setting it explicitly keeps scan results comparable between runs.
   */
  version?: string;
  /** Specifies when the action should be executed. */
  trigger_time?: "ON_EVERY_EXECUTION" | "ON_SUCCESS" | "ON_FAILURE" | "ON_BACK_TO_SUCCESS" | "ON_WARNING" | "ON_WAIT_FOR_APPROVE" | "ON_TERMINATE";
  /** The list of variables for dynamic action execution. The action runs once for each value. */
  loop?: string[];
  /**
   * Defines whether the action should be executed on each failure. Restricted to, and required
   * when, `trigger_time` is ON_FAILURE.
   * NOTE(review): the field name suggests `true` limits execution to the first failure, while the
   * description reads as the opposite — confirm the polarity.
   */
  run_only_on_first_failure?: boolean;
  /** When set to true the action is disabled. By default it is set to false. */
  disabled?: boolean;
  /** The timeout in seconds. */
  timeout?: number;
  /**
   * If set to true the execution will proceed, mark the action as a warning and jump to the next
   * action. Doesn't apply to deployment actions.
   * For a scan this matters: `snyk test` exits non-zero when it finds vulnerabilities, so enabling
   * this lets later actions run even though the scan reported findings.
   */
  ignore_errors?: boolean;
  /** Delay time between auto retries in seconds. */
  retry_interval?: number;
  /** Number of retries if the action fails. */
  retry_count?: number;
  /** Defines whether the action should run in parallel with the next one. */
  run_next?: "WAIT_ON_SUCCESS" | "IN_SOFT_PARALLEL" | "IN_HARD_PARALLEL";
  /** The list of trigger conditions to meet so that the action can be triggered. */
  trigger_conditions?: TriggerConditionYaml[];
  /**
   * The list of variables you can use in the action.
   * Secret values should be declared with `encrypted: true` (see `VariableYaml.encrypted`).
   */
  variables?: VariableYaml[];
}
```

## Type Definitions

```typescript
/**
 * A single condition evaluated before an action is triggered; used as the element type of
 * `trigger_conditions` and, recursively, of `trigger_operands`.
 *
 * Only `trigger_condition` is required. Which of the optional fields are read depends on the
 * condition type; SOURCE documents each field but not the full pairing, so check the per-type
 * requirements before relying on a field being honoured.
 */
interface TriggerConditionYaml {
  /**
   * The type of trigger condition.
   * The TRIGGERING_USER_* values compare against the user who started the run.
   * NOTE(review): if these are used to gate a sensitive action, confirm how the triggering user is
   * determined for runs that no person started directly (e.g. scheduled or push-triggered runs).
   */
  trigger_condition: "ALWAYS" | "ON_CHANGE" | "ON_CHANGE_AT_PATH" | "VAR_IS" | "VAR_IS_NOT" | "VAR_CONTAINS" | "VAR_NOT_CONTAINS" | "DATETIME" | "SUCCESS_PIPELINE" | "DAY" | "HOUR" | "OR" | "VAR_LESS_THAN" | "VAR_LESS_THAN_OR_EQUAL" | "VAR_GREATER_THAN" | "VAR_GREATER_THAN_OR_EQUAL" | "ACTION_STATUS_IS" | "ACTION_STATUS_IS_NOT" | "TRIGGERING_USER_IS" | "TRIGGERING_USER_IS_NOT" | "TRIGGERING_USER_IS_IN_GROUP" | "TRIGGERING_USER_IS_NOT_IN_GROUP";
  /** The value to compare the trigger variable against. */
  trigger_variable_value?: string;
  /** The name of the variable to check in the trigger condition. */
  trigger_variable_key?: string;
  /** The timezone for datetime trigger conditions (e.g., 'UTC', 'Europe/Warsaw'). */
  timezone?: string;
  /** The hours when the datetime trigger should activate (0-23). */
  trigger_hours?: number[];
  /** The days when the datetime trigger should activate (1-7, where 1 is Monday). */
  trigger_days?: number[];
  /** The project name for cross-project pipeline triggers. */
  project?: string;
  /** The pipeline name for cross-pipeline triggers. */
  pipeline?: string;
  /** The email of the user who can trigger the pipeline. */
  trigger_user?: string;
  /** The name of the group that can trigger the pipeline. */
  trigger_group?: string;
  /** The file paths that must change to trigger the pipeline. */
  trigger_condition_paths?: string[];
  /** The action status to check for action status triggers. */
  trigger_status?: "SUCCESSFUL" | "FAILED" | "SKIPPED" | "SUPPRESSED";
  /** The name of the action to check status for. */
  trigger_action_name?: string;
  /**
   * The list of nested trigger conditions for OR/AND operators.
   * NOTE(review): the `trigger_condition` union lists "OR" but no "AND" value — confirm how an AND
   * combination is expressed.
   */
  trigger_operands?: TriggerConditionYaml[];
}

/**
 * A variable made available to the action; used as the element type of `variables`.
 *
 * Only `key` is required. Several fields (`value`, `password`, `passphrase`) can carry secret
 * material, so treat a YAML file containing them as sensitive unless the values are encrypted.
 */
interface VariableYaml {
  /** The name of the variable. */
  key: string;
  /**
   * The value of the variable.
   * For secrets, set `encrypted: true` rather than leaving a readable value in the definition.
   */
  value?: string;
  /** The type of the added variable. */
  type?: "VAR" | "FILE" | "SSH_KEY" | "IOS_KEYCHAIN" | "IOS_PROVISION_PROFILES" | "SSH_PUBLIC_KEY" | "GPG_KEY";
  /**
   * If set to true the variable value will be encrypted and hidden.
   * NOTE(review): SOURCE does not show how an encrypted value is represented in the YAML file, or
   * whether `password` / `passphrase` are covered — confirm before committing either.
   */
  encrypted?: boolean;
  /** The optional description of the variable. */
  description?: string;
  /** Initial path for the variable. */
  init_path?: string;
  /** Default value for the variable. */
  defaults?: string;
  /**
   * Set if type is FILE, SSH_KEY, IOS_KEYCHAIN, or IOS_PROVISION_PROFILES. If it's NONE, the
   * variable can be used as a parameter in an action. For CONTAINER, the given key is additionally
   * copied to an action container on each run.
   * With CONTAINER the key material is written into the container, so any command the action runs
   * can read it; prefer NONE when the file itself is not needed on disk.
   */
  file_place?: "NONE" | "CONTAINER";
  /** Whether the file is binary. */
  binary?: boolean;
  /** Public value for SSH key type variables. */
  public_value?: string;
  /** Fingerprint of SSH key. */
  key_fingerprint?: string;
  /** Checksum of the variable value. SOURCE does not name the algorithm. */
  checksum?: string;
  /** Password for certificates. Secret material — see the note on `encrypted`. */
  password?: string;
  /** Passphrase for encrypted SSH keys. Secret material — see the note on `encrypted`. */
  passphrase?: string;
  /** Key identifier for iOS certificates, provisioning profiles, or GPG keys. */
  key_identifier?: string;
  /**
   * If set to true the variable value can be set by Buddy actions.
   * NOTE(review): the description reads as a boolean flag, but the declared type is `string` —
   * confirm the accepted values.
   * A settable variable can be overwritten during a run, so do not rely on its initial value in a
   * later trigger condition or command without re-checking it.
   */
  settable?: string;
  /** Encoding of the variable value. Use `b64` for binary files (certificates, images, compiled blobs) where the value is already base64-encoded. Omit or set to `text` for plain text files (JSON, XML, config) — the system will handle encoding automatically. Only applies to non-encrypted asset variables (FILE, SSH_KEY, SSH_PUBLIC_KEY, IOS_KEYCHAIN, IOS_PROVISION_PROFILES). Base64 is an encoding, not encryption: a `b64` value is as readable as a `text` one. */
  encoding?: "text" | "b64";
  /** Specifies where to copy the file on each run. Set if type is FILE, SSH_KEY, IOS_KEYCHAIN, or IOS_PROVISION_PROFILES. */
  path?: string;
  /**
   * File permission set on copy to a container on each run. Set if type is FILE, SSH_KEY,
   * IOS_KEYCHAIN, or IOS_PROVISION_PROFILES.
   * For private keys, choose a mode that limits access to the owning user.
   * NOTE(review): SOURCE does not show the expected format of this string — confirm.
   */
  chmod?: string;
}

```

## YAML Examples

### Snyk CLI security scan

```yaml
  # One SNYK_CLI action that runs `snyk test`.
  # ignore_errors is not set here; setting it to true would turn a failing scan into a warning
  # and let the pipeline continue, so leave it unset if findings should stop the run.
  - action: "snyk test"
    type: "SNYK_CLI"
    # Version of the CLI tool.
    # NOTE(review): presumably selects a CLI variant built on Node.js 16, which is past its
    # upstream end-of-life — confirm whether a newer variant is available.
    version: "node-16"
    execute_commands:
      - "snyk test"
    # Runs before execute_commands. The package is fetched over the network on each run and is not
    # version-pinned.
    setup_commands:
      - "apt-get update && apt-get -y install git"
    shell: "SH"
    # Name of the Snyk integration (SNYK) the action uses; keep the Snyk token there rather than
    # in this file.
    integration: "my_integration"

```


---
Original source: https://buddy.works/docs/yaml/yaml-actions/snyk-cli