Snyk Broker - Code Agent
To connect Snyk Code to your self-hosted Git server via the Snyk Broker, you must add the Code Agent component to the Snyk Broker deployment structure. By using the Code Agent component with the Snyk Broker, you can scan repositories that are stored on your self-hosted Git provider, and apply the Snyk Code analysis to these repositories in order to find, prioritize, and fix potential vulnerabilities in your source code.
To apply the Snyk Code analysis to repositories that are stored on your self-hosted Git server, you need the following components:
- Broker Server - a server that is running on the Snyk SaaS backend. The Broker Server is provided by Snyk, and no installation is required on your part.
- Code Agent - another Docker image that is deployed in your infrastructure. For more information, see Setting up the Code Agent. The Code Agent is supported only in Snyk Broker version 4.108.0 and later versions. If you already have a running Broker Client, you must update it by pulling the latest Docker image. For more information, see Downloading or Updating the Snyk Broker Client – Docker image.
The Broker Client and Code Agent components are deployed in your infrastructure, creating two separate services. Together with the Broker Server, the Snyk Code AI Engine, and the Snyk Web UI, these components are responsible for the following Code Analysis workflow:
1. On the Snyk Web UI, a request is initiated by a user to import a repository from a self-hosted Git server to Snyk for Code Analysis. The request can also be initiated from the Snyk API v1, by using the Import targets request.
2. The request arrives at the Broker Server, which is hosted by Snyk. The Broker Server sends the request to the Broker Client, which sends it to the Code Agent. The Broker Client automatically provides the Code Agent with the connection details to the integrated SCM, which stores the required repositories.
3. The Code Agent connects to the integrated SCM, and clones the local repository in a secured manner in your infrastructure. The cloned repository is stored temporarily on the Code Agent container. The cloning is performed over an HTTPS connection. If your SCM does not support HTTPS, you can work around this with a reverse proxy. For more details, reach out to your technical contact at Snyk.
4. The Code Agent filters the cloned repository for supported files and sends them to the Snyk Code AI Engine.
Snyk Code Analysis workflow with Broker
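The two prerequisites stated above (Snyk Broker 4.108.0 or later, and an SCM reachable over HTTPS) can be checked before deployment. The following script is an added example, not code from Snyk; the function names are hypothetical, and the version string and SCM URL passed to it are constructed sample inputs that you would replace with your own.

```shell
#!/bin/sh
# Pre-flight checks for the Code Agent prerequisites described on this page.
# Function names are hypothetical; sample inputs at the bottom are constructed.

MIN_BROKER_VERSION="4.108.0"   # minimum Broker version stated in the text above

# version_ge A B: succeed if dotted version A >= B, comparing fields numerically.
# A plain string comparison would wrongly rank 4.99.0 above 4.108.0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        case "$x$y" in *[!0-9]*) return 2 ;; esac   # reject non-numeric fields
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# scm_uses_https URL: succeed only for https:// URLs that include a host part.
scm_uses_https() {
    case "$1" in
        [Hh][Tt][Tt][Pp][Ss]://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight BROKER_VERSION SCM_URL: print findings; return 0 only if both pass.
preflight() {
    rc=0
    if ! version_ge "$1" "$MIN_BROKER_VERSION"; then
        echo "FAIL: Broker $1 is older than $MIN_BROKER_VERSION; pull the latest Docker image"
        rc=1
    fi
    if ! scm_uses_https "$2"; then
        echo "FAIL: $2 is not HTTPS; the Code Agent clones over HTTPS (reverse proxy needed)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: prerequisites met"
    return "$rc"
}

# Constructed sample inputs: an outdated Broker and a plain-HTTP SCM URL.
preflight "4.99.0" "http://git.example.internal" || true
```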