Support
API docs
Product updates Sign up for free

Snyk Broker - AppRisk

If your SCM or third-party instance is not publicly accessible, you need Snyk Broker. You can install and configure your Snyk Broker using Docker or Helm. The minimum supported Broker version for Snyk AppRisk is 4.171.0.

Enable the Snyk AppRisk flag in your Snyk Broker deployment environment before running the commands.

SCM integrations

You can find on GitHub all the updated .json files that include the allowed list of accessible endpoints for the integrations.

Third-party integrations

The third-party integrations are available in a Closed Beta state and are applicable only to the Snyk AppRisk Pro version. Please contact your salesperson if you are interested in Snyk AppRisk Pro.

Checkmarx SAST integration

Use the following steps to install and run Snyk Broker for the AppRisk and Checkmarx SAST integration.

  1. Ensure you have the Snyk Broker token for the Snyk AppRisk integration. The Snyk support team can provide the needed token.

  2. Pull the latest broker image by running this command:

docker pull snyk/broker:universal

  1. Ensure the config.universal.json file contains the following information:

{
  "BROKER_CLIENT_CONFIGURATION": {
    "common": {
      "default": {
        "BROKER_SERVER_URL": "https://broker.snyk.io",
        "BROKER_HA_MODE_ENABLED": "false"
      }
    }
  },
  "CONNECTIONS": {
    "apprisk connection": {
      "type": "apprisk",
      "identifier": "${BROKER_TOKEN}",
      "CHECKMARX": "${CHECKMARX}",
      "CHECKMARX_USERNAME": "${CHECKMARX_USERNAME}",
      "CHECKMARX_PASSWORD": "${CHECKMARX_PASSWORD}",
      "BROKER_CLIENT_URL": "http://my.broker.client.dns.hostname"
    }
  }
}

  1. Run the following commands with your Checkmarx username and password:

docker run --restart=always \
        -p 8001:8001 -e PORT=8001 \
        -e BROKER_CLIENT_URL=http://broker.url.example:8000 \
        -e BROKER_TOKEN=<YOUR BROKER TOKEN> \
        -e UNIVERSAL_BROKER_ENABLED=true \
        -e CHECKMARX=<YOUR CHECKMARX HOST> \
        -e CHECKMARX_USERNAME=<YOUR CHECKMARX USERNAME> \
        -e CHECKMARX_PASSWORD=<YOUR CHECKMARX PASSWORD> \
        -e BROKER_SERVER_URL=https://broker.snyk.io \
        -v $(pwd)/config.universal.json:/home/node/config.universal.json \
    snyk/broker:universal

  1. When the connection is established, you will find in the logs the following message: successfully established a websocket connection to the broker server

{"id":"broker-client-url-validation","name":"Broker Client URL Validation Check","status":"passing","output":"config check: ok"},{"id":"universal-broker-connections-config-validation","name":"Universal Broker Client Connections Configuration Check","status":"passing","output":"connections config check: ok"}],"version":"4.179.5","supportedIntegrationType":"apprisk"},"msg":"successfully established a websocket connection to the broker server","time":"2024-03-11T11:43:26.014Z","v":0}
PreviousDetecting Kubernetes configuration files using Snyk Broker (Custom)NextHigh availability mode

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.