Snyk Broker

Feature availability: Snyk Broker is available with Enterprise plans. See pricing plans for more details.
Snyk Broker is an open-source tool that acts as a proxy between Snyk and special integrations, giving snyk.io access to your code so that it can scan the code and return the results to you. SCM integrations with Broker support Snyk Open Source, Snyk Code, Snyk Container (Dockerfile), and Snyk IaC. For more information, see How Snyk Broker works.

How to download and install Snyk Broker

Snyk Broker is hosted on GitHub and published as a set of Docker images for specific integrations. Snyk provides a Helm Chart to deploy Snyk Broker if you are using Kubernetes. To deploy Broker, you must install and configure an integration.
The Snyk Broker documentation provides detailed instructions for using Helm and Docker. Snyk recommends using Helm as the simplest way to deploy Snyk Broker. You can also use Docker to run the Snyk Broker Client or run npm install snyk-broker.

Integrations with Snyk Broker

Install each type of integration and configure it using environment variables, as explained for Docker and Helm.
Types of integrations supported with Broker are:
You can also use derived Docker images for each integration and the Container Registry Agent.
For information about advanced configuration as needed for your installation, see Advanced configuration for Snyk Broker Docker installation and Advanced setup for Helm Chart installation.

Using Snyk Broker to scan your code

To use Snyk Open Source with Snyk Broker, you need only the Broker Server and Broker Client components. The Broker Client is published as a set of Docker images, each configured for a specific Git service. Configure each type of integration using environment variables following the links in the previous section, Integrations with Snyk Broker.
To scan other types of code with Snyk Broker, you must add a component or configurations and add parameters to the Broker Client setup:
  • Snyk Code – add the Code Agent component to enable Snyk Code analysis of repositories in SCMs that are integrated through Snyk Broker. You can also grant Broker access to perform a Git clone of your repository by adding an environment variable: ACCEPT_CODE=true.
  • Snyk Container – add the Container Registry Agent to enable the connection to network-restricted container registries and the analysis of container images. There are instructions for installing with Docker and installing with Helm.
  • Snyk Infrastructure as Code – configure the accept.json file with additional parameters to detect and analyze Terraform, CloudFormation, and Kubernetes configuration files through Snyk Broker.

How Snyk Broker works

Snyk Broker is designed to connect Snyk products to self-hosted integrations that are not publicly accessible from the internet. Snyk Broker also allows you to do the following:
  • Control Snyk's access to your network by limiting the files to which Snyk has access and the actions that Snyk can perform.
  • Manage a fixed private IP for your integration, targeting the Broker.
Snyk Broker includes a Server and a Client, basic components that are the same across all integrations. The Broker Server runs on the Snyk SaaS backend and is provided by Snyk; no installation is required. The Broker Client is a Docker image deployed in your infrastructure. For more information, see Components of Snyk Broker and Connections with Snyk Broker.
See Prepare Snyk Broker for deployment for information about prerequisites, choosing components, network configuration, and credentials.
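
The access limits described above (which files Snyk can reach and which actions it can perform) are only as tight as the rules in accept.json, so the file is worth reviewing before deployment. The following is an added example, not code from Snyk or the Broker project: a small reviewer that flags broad rules. It assumes accept.json holds a "private" list of rules with "method", "path" and "origin" keys; that layout, the sample rules and the function names are assumptions made for this illustration.

```python
import json

# Constructed sample. The layout (a "private" list of rules, each with "method",
# "path" and "origin") is an assumption about accept.json, not taken from this page.
SAMPLE_ACCEPT_JSON = """
{
  "private": [
    {"method": "GET", "path": "/repos/:name/:repo/contents/:path*/*.tf",
     "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"},
    {"method": "GET", "path": "/repos/:name/:repo/contents/:path*/Dockerfile",
     "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"},
    {"method": "any", "path": "/*",
     "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"},
    {"method": "POST", "path": "/repos/:name/:repo/hooks",
     "origin": "http://${GITHUB_TOKEN}@${GITHUB_API}"}
  ]
}
"""

READ_ONLY = {"GET", "HEAD"}

def audit_rule(rule):
    """Return the review findings for one private rule (empty list = narrow rule)."""
    findings = []
    method = str(rule.get("method", "")).upper()
    path = str(rule.get("path", ""))
    origin = str(rule.get("origin", ""))
    if method == "ANY":
        findings.append("method 'any' allows writes as well as reads")
    elif method not in READ_ONLY:
        findings.append(f"{method} is not read-only; confirm Snyk needs it")
    # The last path segment decides which files match: "*.tf" pins an
    # extension, while "*" or ":path*" matches everything below the prefix.
    last = path.rstrip("/").rsplit("/", 1)[-1]
    if last == "*" or (last.startswith(":") and last.endswith("*")):
        findings.append("path ends in a catch-all, so no file name is pinned")
    if not origin.startswith("https://"):
        findings.append("origin is not https")
    return findings

def audit(text):
    """Return (rule index, path, findings) for every rule that needs review."""
    rules = json.loads(text).get("private", [])
    report = [(i, r.get("path", ""), audit_rule(r)) for i, r in enumerate(rules)]
    return [entry for entry in report if entry[2]]

if __name__ == "__main__":
    for index, path, findings in audit(SAMPLE_ACCEPT_JSON):
        print(f"private[{index}] {path}: " + "; ".join(findings))
```

A flagged rule is a prompt for review, not proof of a problem: a non-read method can be legitimate for the integration, but each one should be a deliberate choice.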