Prepare Snyk Broker for deployment

Using Snyk Broker on Windows is not supported. Snyk recommends that Windows users deploy Broker using Linux.

Prerequisites for Snyk Broker

When you set up Broker for an environment (region) other than the system default, before you can authenticate, you must set environment variables with specific Broker URLs. Example: -e BROKER_SERVER_URL=https://broker.eu.snyk.io

For details, see Regional hosting and data residency.

The following are prerequisites for using Snyk Broker in any environment:

Prepare hosts for installation of Snyk Broker

Snyk recommends configuring at least two separate instances of the Broker Client for each integration, either on different hosts or installed using a Kubernetes system. This ensures that you always have at least two instances running for redundancy.

Configure your network for using Snyk Broker

If you use a proxy server, ensure you configure it and any firewalls to allow the Broker Client inbound and outbound access as follows:

Traffic initiated from the Snyk Broker Server side always uses the latest available Broker connection. All activity from the Snyk side, such as traffic driven by recurring tests, appears on only one of your replicas at a time. The amount of Snyk activity is proportional to the activity in the repositories or Jira items. That activity generates webhooks, which are distributed across all replicas.

Define your Broker deployment components

Consider the following to understand what the required components are for your deployment:

  • What service are you connecting the Broker to?

  • Are you planning to detect Infrastructure as Code files?

  • Are you planning to detect Snyk Code vulnerabilities?

  • Are you planning to connect to a Container Registry?

Every integration has a specific Broker token assigned to it. An integration to analyze Snyk Code vulnerabilities and connect to a Container Registry has the following:

  • One Broker for the SCM with the additional environment variable -e ACCEPT_CODE.

  • One Broker for the Container Registry and one Broker Container Registry agent

Generate credentials in the target application for Snyk Broker

Snyk recommends rotating all API tokens and credentials used with Snyk Broker every 90 days.

For the first deployment of Broker, collaborating with your Snyk account team is required.

After generating the credentials for the Broker's target application, configure the environment variables for launching Snyk Broker.

The Broker token is required and must be generated in order for you to use Snyk Broker.

For code repository (SCM) integrations, a Broker token can be generated using the API or by contacting Snyk support.

  1. Follow the example under "Set up a broker for an existing integration" in the endpoint Update existing integration or contact Snyk support.

  2. Verify the Broker token is generated in the Snyk Web UI under the specified SCM integration. by selecting Settings > Integrations for that specific integration to see the Broker token.

For Artifactory Repository and Nexus Repository Manager brokered instances or Jira integration, you can generate a Broker token in the Snyk UI or contact Snyk support.

  1. Select Settings > Integrations for that specific integration to generate the Broker token.

  2. After the Broker token is generated, under the integration, the notification from this screen correctly displays Could not connect to…, as you have not yet installed and configured the client.

  3. Copy and paste the Broker token from the UI to use it when you install the client.

Enabling Broker across multiple organizations

You can use the same Git service across multiple Organizations in Snyk with the same Broker token. To do this, create the token for an Organization and then create a new Organization based on the original. This clones the token, and you can now enable the Broker for it.

To do this retroactively for existing Organizations, you can use the endpoint Clone an integration (with settings and credentials) to clone a specific integration, including the Broker token.

Unless you do this, you must generate a new Broker token for the Organization, as each integration and Organization has its own unique Broker token.

Last updated

More information

Snyk privacy policy

© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.