Setup Broker with Azure Repos
Configuring Azure Repos with broker is useful to ensure a secure connection with your on-premise or cloud Azure Repos deployment.

To configure Broker to be used for Azure Repos

Please ask for your CSM support to provide you with a Broker token
You will require Docker or a way to run Docker containers
  • Obtain your Azure Repos Broker token from your CSM or Support team
  • To use the Broker client with Azure, run docker pull snyk/broker:azure-repos tag. The following environment variables are mandatory to configure the Broker client:
    • BROKER_TOKEN - the Snyk Broker token, obtained from your Azure Repos integration settings view (
    • AZURE_REPOS_TOKEN - an Azure Repos personal access token. Guide how to get/create the token. Required scopes: ensure Custom defined is selected and under Code select Read & write
    • AZURE_REPOS_ORG - organization name, which can be found in your Organization Overview page in Azure
    • AZURE_REPOS_HOST - the hostname of your Azure Repos Server deployment, such as
    • PORT - the local port at which the Broker client accepts connections. Default is 8000.
    • BROKER_CLIENT_URL - the full URL of the Broker client as it will be accessible to your Azure Repos' webhooks, such as http://broker.url.example:8000
  • Example:
docker run --restart=always \
-p 8000:8000 \
-e BROKER_TOKEN=<secret-broker-token> \
-e AZURE_REPOS_TOKEN=<secret-azure-token> \
-e AZURE_REPOS_ORG=<org-name> \
-e AZURE_REPOS_< (no http/s)> \
-e PORT=8000 \
-e BROKER_CLIENT_URL=<http://broker.url.example:8000 (dns/IP:port)> \
-e ACCEPT=/private/accept.json
-v /local/path/to/private:/private \
  • If necessary, go to the Advanced Configuration section of Install and configure the Snyk Broker client and make any configuration changes if required (For example, if the Azure Repos instance is using a private certificate, provide the CA (Certificate Authority) to the Broker Client configuration). A fully configured accept.json for Snyk IaC, Code, Open Source and Container for Azure Repos is attached.
  • Paste the Broker Client configuration to start the broker client container
  • Once the container is up, the Azure Repos Integrations page should show the connection to Azure Repos and you should be able to Add Projects
Basic Troubleshooting
  • Run docker logs <container id> where container id is the Azure Repos Broker container ID to look for any errors
  • Ensure relevant ports are exposed to Azure Repos
Export as PDF
Copy link
Edit on GitHub