GitHub - install and configure using Docker

Before installing, review the prerequisites and the general instructions for installation using Docker.

This integration is useful to ensure a secure connection with your on-premise or cloud GitHub deployment.

Configure Broker integration with GitHub

To use the Snyk Broker Client with GitHub, run docker pull snyk/broker:github-com. Refer to GitHub - environment variables for Snyk Broker for definitions of the environment variables.

If necessary, go to the Advanced configuration page and make any configuration changes needed such as providing the CA (Certificate Authority) to the Broker Client configuration if the GitHub instance is using a private certificate, and setting up proxy support.

Docker run command to set up a Broker Client for GitHub

Copy the following command to set up a fully configured Broker Client to analyze Open Source, IaC, Container, Code files (with the Code Agent), and Snyk AppRisk information. Enable Snyk AppRisk to identify your application assets, monitor them, and prioritize the risks.

docker run --restart=always \
           -p 8000:8000 \
           -e BROKER_TOKEN=<secret-broker-token> \
           -e GITHUB_TOKEN=<secret-github-token> \
           -e PORT=8000 \
           -e BROKER_CLIENT_URL=<http://broker.url.example:8000 (dns/IP:port)> \
           -e ACCEPT_IAC=tf,yaml,yml,json,tpl \
           -e ACCEPT_CODE=true \
           -e ACCEPT_APPRISK=true \ 

Snyk AppRisk is set by default to false. Enable it by setting the flag to true.

As an alternative using to the Docker run command, you can use a derived Docker image to set up the Broker Client integration. See Derived Docker images for the environment variables to override for the GitHub integration.

Start the Broker Client container and verify the connection with GitHub

Paste the Broker Client configuration to start the Broker Client container.

Once the container is up, the GitHub Integrations page shows the connection to GitHub and you can Add Projects.

Basic troubleshooting for Broker with GitHub

Support of big manifest files (> 1Mb) for GitHub

One reason that open Fix/Upgrade PRs or PR/recurring tests fail may be fetching big manifest files (> 1Mb). To address this issue, enable an additional variable in your broker by following the Additional instructions for Snyk Open Source Scans (SCA) of large manifest files (Docker setup)

To ensure the maximum possible security, Snyk does not enable this rule by default, as use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names.

Additional troubleshooting for Broker with GitHub

  • Run docker logs <container id> to look for any errors, where container id is the GitHub Broker container ID.

  • Ensure relevant ports are exposed to GitHub.

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.