Feature availability: Snyk Broker is available with Enterprise plans. See pricing plans for more details.
Snyk Broker is an open-source tool that acts as a proxy between Snyk and special integrations, giving snyk.io access to your code so that it can scan the code and return results to you. SCM integrations with Broker support Snyk Open Source, Snyk Code, Snyk Container (Dockerfile), and Snyk IaC. For more information, see How Snyk Broker works.
Snyk Broker is hosted on GitHub and published as a set of Docker images for specific integrations. Snyk provides a Helm Chart to deploy Snyk Broker if you are using Kubernetes. To deploy Broker, you must install and configure an integration.
Types of integrations supported with Broker are:
- Your Source Code Management (SCM) system (GitHub, GitHub Enterprise, Bitbucket Server/Data Center, GitLab, Azure Repos)
- SCM that is not internet reachable
- Publicly-accessible SCM, allowing you to view and control Snyk activity for increased data security
- Infrastructure as code (IaC) configuration files using Snyk IaC located on private Git-based repositories
For information about advanced configuration as needed for your installation, see Advanced configuration for Snyk Broker Docker installation and Advanced setup for Helm Chart installation.
To use Snyk Open Source with Snyk Broker, you need only the Broker Server and Broker Client components. The Broker Client is published as a set of Docker images, each configured for a specific Git service. Configure each type of integration using environment variables following the links in the previous section, Integrations with Snyk Broker.
To scan other types of code with Snyk Broker, you must add a component or configurations and add parameters to the Broker Client setup:
- Snyk Code – add the Code Agent component to enable Snyk Code analysis of repositories in SCMs that are integrated through Snyk Broker. You can also grant Broker access to perform a Git clone of your repository by adding an environment variable:
- Snyk Container – add the Container Registry Agent to enable the connection to network-restricted container registries and the analysis of container images. There are instructions for installing with Docker and installing with Helm.
- Snyk Infrastructure as Code – configure the accept.json file with additional parameters to detect and analyze Terraform, CloudFormation, and Kubernetes configuration files through Snyk Broker.
Snyk Broker is designed to connect Snyk products to self-hosted integrations that are not publicly accessible from the internet. Snyk Broker also allows you to do the following:
- Control Snyk's access to your network by limiting the files to which Snyk has access and the actions that Snyk can perform.
- Manage a fixed private IP for your integration, targeting the Broker.
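One way to review a Broker Client allowlist against the least-privilege goal in the list above. This is an added example, not Snyk's code: the rule layout (a "private" array of method/path/origin entries), the sample rules, the function names and the two heuristics are assumptions made here for illustration.

```python
import json

# Constructed sample. Assumed layout: a "private" array of rules, each
# allowlisting one request shape (method, path, origin) Snyk may send.
# The last two rules are deliberately broad, for illustration only.
SAMPLE = json.loads(r"""
{"private": [
  {"method": "GET", "path": "/repos/:name/:repo/contents/:path*/package.json",
   "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"},
  {"method": "GET", "path": "/repos/:name/:repo/contents/:path*/*.tf",
   "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"},
  {"method": "GET", "path": "/repos/:name/:repo/contents/:path*",
   "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"},
  {"method": "any", "path": "/repos/:name/:repo/*",
   "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"}
]}
""")

READ_ONLY = {"GET", "HEAD"}


def audit_rule(rule):
    """Return least-privilege findings for one allowlist rule."""
    findings = []
    method = str(rule.get("method", "")).upper()
    tail = rule.get("path", "").rstrip("/").rsplit("/", 1)[-1]
    if method == "ANY":
        findings.append("method 'any' permits write actions")
    elif method not in READ_ONLY:
        findings.append(f"method {method} can change state")
    # A last segment that is a bare wildcard or a greedy parameter matches
    # every file under the prefix instead of one named file or extension.
    if tail == "*" or (tail.startswith(":") and tail.endswith("*")):
        findings.append("path ends in a catch-all")
    return findings


def audit(doc):
    """Map each flagged private rule (method, path) to its findings."""
    report = {}
    for rule in doc.get("private", []):
        findings = audit_rule(rule)
        if findings:
            report[(rule.get("method"), rule.get("path"))] = findings
    return report


if __name__ == "__main__":
    for (method, path), findings in audit(SAMPLE).items():
        print(method, path, "->", "; ".join(findings))
```

A flagged rule is a prompt for review rather than an error: some integrations need non-GET requests, and the point is that each one is a deliberate choice.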
Snyk Broker includes a Server and a Client, basic components that are the same across all integrations. The Broker Server runs on the Snyk SaaS backend and is provided by Snyk; no installation is required. The Broker Client is a Docker image deployed in your infrastructure. For more information, see Components of Snyk Broker and Connections with Snyk Broker.
See Prepare Snyk Broker for deployment for information about prerequisites, choosing components, network configuration, and credentials.