Want to make your security findings feel more "real"? We're excited to announce the official public release of Snyk CLI Greybeard edition! Unlike the normal Snyk CLI which will help you find security issues in your code, containers, dependencies, and IaC, this special "Greybeard" edition of the CLI will give you the same information, but with much more personality.
Snyk Greybeard is experienced, knowledgeable, and tired of your security ignorance. Greybeard has a more sarcastic, dry, and endearing grumpiness that transforms your boring security scans into a heated roast, with lots of fun commentary to brighten your day.
The easiest way to install is with the following command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/snyk-labs/snyk-cli-greybeard/refs/heads/main/install.sh)"This will download and install the latest version for your platform.
Greybeard requires an OpenAI API key to function. Follow these steps to set it up:
-
Get an API key:
- Sign up or log in at OpenAI's platform
- Navigate to API keys and create a new secret key
-
Set as environment variable:
Linux/macOS:
# Add to your shell profile (.bashrc, .zshrc, etc.) for persistence echo 'export OPENAI_API_KEY="your-api-key"' >> ~/.bashrc source ~/.bashrc # Or set temporarily for the current session export OPENAI_API_KEY="your-api-key"
Windows (Command Prompt):
# Set permanently (requires restart of CMD after setting) setx OPENAI_API_KEY "your-api-key" # Set for current session only set OPENAI_API_KEY=your-api-key
Windows (PowerShell):
# Set permanently [Environment]::SetEnvironmentVariable("OPENAI_API_KEY", "your-api-key", "User") # Set for current session only $env:OPENAI_API_KEY = "your-api-key"
-
Verify the key is set:
# Linux/macOS/Windows PowerShell echo $OPENAI_API_KEY # Windows Command Prompt echo %OPENAI_API_KEY%
Important: Without a valid OpenAI API key, Greybeard will not work! The application needs this key to generate the grumpy security expert commentary.
Download the appropriate binary for your platform from the Releases page.
-
Clone this repository:
git clone https://github.com/snyk-labs/snyk-cli-greybeard.git cd snyk-cli-greybeard -
Build and install:
# Build for your current platform go build -o greybeard # Or build and install to your system (platform-aware) make install # May require sudo on Linux/macOS # Or cross-compile for multiple platforms make compilePlatform-specific installation details:
- Linux/macOS: Installs to
/usr/local/bin/greybeard - Windows: Installs to
%APPDATA%\snyk-cli-greybeard\greybeard.exeand provides instructions for adding to PATH
- Linux/macOS: Installs to
-
Set your OpenAI API key as an environment variable:
# Linux/macOS export OPENAI_API_KEY='your-api-key' # Windows setx OPENAI_API_KEY "your-api-key"
Use greybeard exactly as you would use the regular snyk command:
./greybeard test
./greybeard test --json
./greybeard container test alpine:latest
Check the version:
./greybeard --version
The tool will:
- Run the Snyk CLI with all your arguments
- Display the raw Snyk CLI output first
- Follow with a grumpy security expert's commentary on the important findings
Raw Snyk CLI Output:
[The original Snyk CLI output appears here]
-----------------------------------------------------------
🧔♂️ Security Greybeard says:
Listen up, youngster! I see you've got a critical RCE vulnerability in that package.
Back in my day, we'd have been fired for leaving something this obvious in production.
You better fix this ASAP unless you want your servers to become someone else's bitcoin miner...
- Displays both raw Snyk output and Greybeard commentary
- Focuses on important security findings and ignores noise
- Proper handling of command timeouts
- Robust JSON parsing
- Same exit codes as the original Snyk command
- Colorful output formatting
- Cross-platform support (Linux, macOS, Windows)
- Go 1.22.5+
- Snyk CLI
- OpenAI API key
- Make (for using the Makefile)
The included Makefile provides several useful targets:
make compile # Cross-compile for all platforms
make install # Build and install to the system (platform-specific)
make clean # Clean build artifacts
make help # Show help information
Individual platform targets:
make linux-amd64
make linux-arm64
make darwin-amd64
make darwin-arm64
make windows-amd64
make windows-arm64
MIT