snyk · fsargent · Jun 9, 2026 · Jun 9, 2026
@@ -0,0 +1,56 @@
+package core
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"sort"
+	"testing"
+
+	"github.com/snyk/go-application-framework/pkg/configuration"
+	"github.com/snyk/go-application-framework/pkg/workflow"
+	"github.com/stretchr/testify/require"
+)
+
+type registeredCommandForHelpAudit struct {
+	Command string `json:"command"`
+	Visible bool   `json:"visible"`
+}
+
+func TestPrintRegisteredCommandTreeForHelpAudit(t *testing.T) {
+	if os.Getenv("SNYK_HELP_AUDIT_PRINT_COMMANDS") != "1" {
+		t.Skip("set SNYK_HELP_AUDIT_PRINT_COMMANDS=1 to print registered commands")
+	}
+
+	config := configuration.New()
+	engine := workflow.NewWorkFlowEngine(config)
+	initExtensions(engine, config, nil)
+	require.NoError(t, engine.Init())
+
+	commands := []registeredCommandForHelpAudit{}
+	for _, workflowID := range engine.GetWorkflows() {
+		command := workflow.GetCommandFromWorkflowIdentifier(workflowID)
+		if command == "" {
+			continue
+		}
+
+		entry, ok := engine.GetWorkflow(workflowID)
+		if !ok {
+			continue
+		}
+
+		commands = append(commands, registeredCommandForHelpAudit{
+			Command: command,
+			Visible: entry.IsVisible(),
+		})
+	}
+
+	sort.Slice(commands, func(i, j int) bool {
+		return commands[i].Command < commands[j].Command
+	})
+
+	output, err := json.Marshal(commands)
+	require.NoError(t, err)
+
+	fmt.Printf("SNYK_HELP_AUDIT_COMMANDS=%s\n", output)
+}
@@ -0,0 +1,15 @@
+# About
+
+## Usage
+
+`snyk about`
+
+## Description
+
+The `snyk about` command prints open source attribution information for the Snyk CLI.
+
+The output includes the package names, versions, licenses, authors, source package locations, and license text for third-party packages bundled with the CLI.
+
+## Debug
+
+Use the `-d` option to output the debug logs.
@@ -0,0 +1,65 @@
+# Agent scan
+
+**Warning:** The `snyk agent-scan` command is experimental. The `--experimental` flag is required. Behavior and options may change in future releases without notice.
+
+## Usage
+
+`snyk agent-scan --experimental [<PATH>] [<OPTIONS>]`
+
+## Description
+
+The `snyk agent-scan` command scans agent-related assets, including MCP server configuration and skills, and can upload scan results to Snyk Evo.
+
+If you provide a path, the command scans that path. If you do not provide a subcommand, the CLI runs the default `scan` action.
+
+The command downloads and runs the platform-specific `agent-scan` binary when needed.
+
+## Options
+
+### `--experimental`
+
+Required. Acknowledges that this command is experimental.
+
+### `--client-id=<UUID>`
+
+Specify the client ID to use when uploading scan results.
+
+If you do not specify `--client-id`, the CLI attempts to discover one from your authenticated Snyk account.
+
+### `--tenant-id=<UUID>`
+
+Specify the tenant ID to use for client ID discovery.
+
+You can also set the tenant ID with the `SNYK_TENANT_ID` environment variable.
+
+### `--json`
+
+Print the output as JSON.
+
+When using `--json`, provide `--tenant-id` if client ID discovery is required.
+
+### `--skills[=<PATH>]`
+
+Scan skills in addition to MCP servers.
+
+You can use this option as a boolean flag or provide a folder path.
+
+### `--no-upload`
+
+Do not upload scan results to Snyk Evo.
+
+This option requires authentication.
+
+## Examples
+
+Scan the current directory:
+
+`$ snyk agent-scan --experimental`
+
+Scan a specific directory:
+
+`$ snyk agent-scan --experimental ./my-agent`
+
+Scan skills and print JSON:
+
+`$ snyk agent-scan --experimental --skills --json --tenant-id=<UUID>`
@@ -0,0 +1,49 @@
+# Fix
+
+## Usage
+
+`snyk fix [<PATH>] [<OPTIONS>]`
+
+## Description
+
+The `snyk fix` command applies available fixes for open-source vulnerabilities in supported projects.
+
+The command first runs `snyk test` for the target project and then applies supported remediation actions.
+
+## Configure the Snyk CLI
+
+You can use environment variables to configure the Snyk CLI and set variables for connecting with the Snyk API. See [Configure the Snyk CLI](https://docs.snyk.io/snyk-cli/configure-the-snyk-cli)
+
+## Debug
+
+Use the `-d` option to output the debug logs.
+
+## Options
+
+### `--dry-run`
+
+Preview the fixes that would be applied without changing files.
+
+### `--quiet`
+
+Reduce command output.
+
+### `--sequential`
+
+Apply fixes sequentially.
+
+### Options used by `snyk test`
+
+The `snyk fix` command uses `snyk test` to find vulnerabilities before applying fixes. Supported `snyk test` options can be used to control project detection and dependency resolution.
+
+For more information, see the [`snyk test` help](test.md); `snyk test --help`.
+
+## Examples
+
+Preview available fixes:
+
+`$ snyk fix --dry-run`
+
+Apply fixes in the current directory:
+
+`$ snyk fix`
@@ -0,0 +1,43 @@
+# IaC rules repl
+
+## Usage
+
+**Feature availability:** This feature is in Early Access.
+
+`snyk iac rules repl [<OPTIONS>]`
+
+## Description
+
+The `snyk iac rules repl` command starts an interactive Rego REPL for an IaC custom rules project.
+
+Run the command from an IaC custom rules project directory. You can load an input file and run initialization commands when the REPL starts.
+
+For a list of related commands run `snyk iac --help`.
+
+## Configure the Snyk CLI
+
+You can use environment variables and set variables for connecting with the Snyk API; see [Configure the Snyk CLI](https://docs.snyk.io/snyk-cli/configure-the-snyk-cli)
+
+## Debug
+
+Use the `-d` option to output the debug logs.
+
+## Options
+
+### `--repl-init=<COMMAND>`
+
+Run commands on REPL initialization.
+
+This option can be provided more than once.
+
+### `--repl-input=<FILE_PATH>`
+
+Load an IaC input file into the REPL.
+
+## Example
+
+Start the REPL with an input file:
+
+```
+snyk iac rules repl --repl-input=input.json
+```
@@ -0,0 +1,61 @@
+# Ignore create
+
+## Usage
+
+`snyk ignore create [<OPTIONS>]`
+
+## Description
+
+The `snyk ignore create` command creates an ignore request for a finding in a Snyk Organization.
+
+This command creates an ignore request through the Snyk ignore workflow. It does not edit the local `.snyk` policy file. To add ignores to a local policy file, use the `snyk ignore` command.
+
+In interactive mode, the command prompts for missing values. In non-interactive mode, provide the required options.
+
+## Options
+
+### `--finding-id=<FINDING_ID>`
+
+The ID of the finding to ignore. Required when `--interactive=false`.
+
+### `--ignore-type=<IGNORE_TYPE>`
+
+The ignore type to create. Required when `--interactive=false`.
+
+Supported values:
+
+- `not-vulnerable`
+- `wont-fix`
+- `temporary-ignore`
+
+### `--reason=<REASON>`
+
+The reason for the ignore. Required when `--interactive=false`.
+
+### `--expiration=<EXPIRATION>`
+
+The ignore expiration date. Use `YYYY-MM-DD` format, or `never` for no expiration. Required when `--interactive=false`.
+
+### `--remote-repo-url=<URL>`
+
+The remote repository URL for the project. The command detects this value automatically when possible.
+
+### `--interactive=<true|false>`
+
+Run the command in interactive mode.
+
+Default: `true`
+
+### `--org=<ORG_ID>`
+
+Specify the Snyk Organization ID to use for the ignore request. The value must be an Organization UUID.
+
+## Examples
+
+Create an ignore request interactively:
+
+`$ snyk ignore create`
+
+Create a temporary ignore request without prompts:
+
+`$ snyk ignore create --finding-id=<FINDING_ID> --ignore-type=temporary-ignore --reason='Temporarily accepted risk' --expiration=2026-07-01 --interactive=false`
@@ -10,6 +10,10 @@ The `snyk ignore` command modifies the `.snyk` policy file to ignore a specified
 
 **Note:** Ignoring issues or vulnerabilities using the `.snyk` file is not supported for Snyk Code.
 
+### Create ignore requests
+
+[`snyk ignore create`](ignore-create.md); `snyk ignore create --help`: creates an ignore request for a finding.
+
 ### Exclude
 
 `snyk ignore [--expiry=] [--reason=] [--policy-path=<PATH_TO_POLICY_FILE>] [--file-path=<PATH_TO_RESOURCE>] [OPTIONS]`

@@ -0,0 +1,52 @@
+# Redteam get
+
+**Warning:** The `snyk redteam get` command is experimental. The `--experimental` flag is required. Behavior and options may change in future releases without notice.
+
+`snyk redteam` will be deprecated on May 31, 2026.
+
+## Prerequisites
+
+- Snyk CLI v1.1303.1 or later.
+- Authenticated Snyk CLI; run `snyk auth`.
+
+## Usage
+
+`snyk redteam get --experimental --id=<SCAN_ID> [<OPTIONS>]`
+
+## Description
+
+The `snyk redteam get` command retrieves results for a previously completed red team scan.
+
+For more information about red team scans and configuration, see the [`snyk redteam` help](redteam.md); `snyk redteam --help`.
+
+## Options
+
+### `--experimental`
+
+Required. Acknowledges that this command is experimental.
+
+### `--id=<SCAN_ID>`
+
+Required. The UUID of the scan to retrieve results for.
+
+### `--html`
+
+Output the scan report in HTML format instead of JSON.
+
+### `--html-file-output=<FILE_PATH>`
+
+Write the HTML report to the specified file path. Implies HTML output.
+
+### `--json-file-output=<FILE_PATH>`
+
+Write the JSON report to the specified file path.
+
+### `--tenant-id=<UUID>`
+
+Specify the Snyk tenant ID. The CLI attempts to discover the tenant ID from your authenticated Snyk account if it is not provided.
+
+## Example
+
+Retrieve scan results:
+
+`$ snyk redteam get --experimental --id=<SCAN_ID>`