Run the Broker client with the code snippets display
Last updated
Last updated
After the Broker client image is stored on your machine, use the docker run
command to run the image and launch the Broker client.
The setup commands for running the Broker client described in this section include the common commands used for all SCMs. Some SCMs require additional parameters for the Broker client setup, and those parameters are indicated in this section, but when you are setting up a Broker client for a specific SCM, see also the instructions for that SCM in the section Install and configure Snyk Broker.
The following explains how to set up the Broker client in a way that displays code snippets of the Snyk Code results in the Web UI:
When you are setting up the Broker client for displaying code snippets, use the same parameters as for the basic Broker client setup, and add the following file and parameters:
Download a pre-defined accept.json
file to your machine. This accept.json
file is customized for each SCM, and it contains the required rules for displaying the code snippets.
Add these parameters to the setup commands to mount the accept.json
file to the Broker Client:
-e ACCEPT=/<folder_name>/accept.json
-v / local/path/to/<folder_name>:/<folder_name>
To display the code snippets of the Snyk Code results in the Web UI, first download a pre-defined accept.json
file. When downloading the accept.json file, select the file that is customized for your integrated SCM and save it in an accessible location.
Download the accept.json
file for your integrated SCM:
On each Integration Setup page, locate the pre-defined accept.json
file for this integration, and download it.
Verify that the downloaded file is called accept.json
. If during the download process, the file name has changed, rename the file to its original name.
Save the file in a secure and separate folder such as ./private/accept.json
.
In the terminal, enter the following command to launch the Broker client:
where:
-- restart=always
is a Docker command that determines that the Broker client container will always restart regardless of the exit status.
-p <host_machine_port_no._mapped to>:<Broker_Client_container_port_ no.>
is the mapping of a physical open port in the host machine to a port in the Broker client container. These port numbers on the host machine and container do not have to be the same, for example, 8001:8000
. The port number of the host machine must be unique.
-e BROKER_TOKEN
is the Broker token that is associated with the specific Organization and the specific integrated SCM.
-e <SCM_TOKEN>
is the SCM token for the specific integrated SCM.
-e <SCM_domain>=
is your SCM domain name without http/https
, for example, snyk.git.com
. For each SCM,. Use the following parameter:
GitHub - the -e <SCM_domain>
parameter is NOT required.
GitHub Enterprise: -e GITHUB
For GitHub Enterprise add the following parameters also:
-e GITHUB_API=<your.ghe.domain.com/api/v3_(without_http/s)> \
-e GITHUB_GRAPHQL=<your.ghe.domain.com/api_(without_http/s)> \
Azure Repos: -e AZURE_REPOS_HOST
For Azure Repos add the following parameter also:
-e AZURE_REPOS_ORG=<azure_repo_org_name> \
Bitbucket Server/Data Center: -e BITBUCKET
For Bitbucket Server/Data Center add the following parameter also:
-e BITBUCKET_API=<your.bitbucket-server.domain.com/rest/api/1.0_(without http/s)> \
GitLab: -e GITLAB
[Optional] -e BROKER_CLIENT_URL=
is the URL to the host machine of the Broker client. The URL can include an IP address or a DNS with the port number of the host machine, for example, http://localhost:8001
.
Add this parameter only if you are using the same Broker client for other Snyk products, and you want to enable for them the Automatic PR Checks feature. Since the Automatic PR Checks feature is not supported for the Code Agent, you do not have to use this parameter for the Code Agent.
-e PORT
is the port number of the Broker Client container, where it accepts external connections. The default is 8000
. This port number must be the same as the <Broker_Client_container_port_ no.>
in the -p
parameter above.
-e GIT_CLIENT_URL=
is a URL to the port of the running Code Agent container. The URL includes the name of the Code Agent container with its port number, for example, http://code-agent:3000
.
-e ACCEPT=
is the name of the folder that stores the downloaded accept.json
file with the name of the file, for example, /private/accept.json
.
-v /local/path/to/<folder_name>:/<folder_name>
is the path to the folder that stores the accept.json file with the name of the folder, for example, /private:/private
.
--network
is the name of the Docker bridge network, used for communication with the Code Agent.
snyk/broker:<SCM_tag>
is the Docker image of the Broker Client for the specific integrated SCM.
Once the Broker client setup is completed successfully, the following message appears in the terminal:
{ ..., "msg":"successfully established a websocket connection to the broker server", ... }
To verify the setup and details of the Broker client container, run:
The output is similar to the following:
The following command was entered to run the Broker client for an integrated GitHub server:
where:
-p 8000:8000
is port number 8000
on the host machine, mapped to port number 8000
on the Broker Client container. This is used for the communication between the Broker Client container and the Broker Server and Code Agent.
-e BROKER_TOKEN
is the Broker token associated with the specific Organization and GitHub.
-e GITHUB_TOKEN
is the GitHub token for accessing the GitHub repositories.
-e BROKER_CLIENT_URL
is the URL to the host machine of the Broker Client, http://localhost:8000
.
-e PORT
is the local port, where the Broker client container accepts connections, 8000
.
-e GIT_CLIENT_URL=http://code-agent:3000
is the URL to the port of the running Code Agent container. The URL includes the name of the Code Agent container – code-agent
- with its port no. - 3000
.
-e ACCEPT=/private/accept-github.json
is the name of the folder that stores the downloaded accept.json
file, private
, and the name of the file for GitHub, accept.json
.
-v /private:/private
is the path to the folder that stores the accept-github.json
file, private, and the name of the folder, private.
--network
is the name of the Docker bridge network, used for communication with the Broker, client mySnykBrokerNetwork
.
snyk/broker:github-com
is the Docker image of the Broker client for GitHub.
The following command was entered to run the Broker client for an integrated Azure Repos server:
where:
-p 8001:8001
is port number 8001
on the host machine, mapped to port number 8001
on the Broker Client container, for communication between the Broker Client container and the Broker Server and Code Agent.
-e BROKER_TOKEN
is the Broker token associated with the specific Organization and Azure Repos.
-e AZURE_REPOS_TOKEN
is the Azure Repo token for accessing the Azure Repos repositories.
-e AZURE_REPOS_ORG
is the name of the Azure Repos organization, snyktest
.
-e AZURE_REPOS_HOST
is the domain name of the Azure Repos Server, dev.azure
.com.
-e BROKER_CLIENT_URL
is the URL of the host machine of the Broker client, http://localhost:8001
.
-e PORT
is the local port, where the Broker Client container accepts connections, 8001
.
-e GIT_CLIENT_URL=http://code-agent:3000
is the URL to the port of the running Code Agent container. The URL includes the name of the Code Agent container, code-agent
, with its port number, 3000
.
-e ACCEPT=/private/accept.json
is the name of the folder that stores the downloaded accept.json
file, private, and the name of the file for GitHub, accept.json
.
-v ./private:/private
is the path to the folder that stores the accept.json
file, private
, and the name of the folder. private
.
--network
is the name of the Docker bridge network, used for communication with the Broker client, mySnykBrokerNetwork
.
snyk/broker:azure-repos
is the Docker image of the Broker client for Azure Repos.