Connect an SCM integration
The Integrations page shows all active integrations, including data that is automatically synced from your existing Snyk Organizations, and provides access to the Integration Hub.
You can customize your AppRisk integrations from the Integrations Hub where the following SCMs are available:
The following video explains some of the configuration capabilities available for you in the Integrations view:
If your SCM instance is not publicly accessible, you must connect using Snyk Broker. For details, see Snyk Broker - AppRisk.
GitHub setup guide
Pulled entities
Repositories
Builds - only when using GitHub Actions.
Scans - only when using Code security.
Integrate using Snyk AppRisk
Profile name (mandatory): Input your integration profile name.
Organizations (mandatory): Input the names of all the relevant GitHub organizations.
Access Token (mandatory): Create your GitHub PAT from your GitHub organization. Follow the instructions in the Generate a Personal access token from your GitHub settings section. Authorize your personal access token if you have configured SAML SSO.
If you want to use the Broker Token, follow the instructions from the Snyk Broker AppRisk page.
API URL (mandatory): Input the API URL. The default URL is https://api.github.com.
Pull personal repositories (optional): Enable the option if you only want to pull the repositories you own.
Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.
Generate a Personal access token from your GitHub settings
Open GitHub and click the Settings menu for your profile.
Select Developer settings from the left sidebar.
Select Personal access tokens and then Tokens (classic).
Click Generate new token and, from the dropdown, select Generate new token (classic).
Add a description for your token in the Note field.
Select the required permissions:
repo
read:packages
read:org
read:user
user:email
Click Generate token.
Copy and store the displayed key.
Fine-grained personal access tokens are not supported.
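One way to confirm, before pasting the token into the integration form, that a classic PAT carries the scopes listed above and nothing broader. This is an added example, not Snyk's code; it compares the X-OAuth-Scopes response header that GitHub returns for classic tokens against the list, and the function names and the parent-scope table are assumptions of the example.

```python
import urllib.request

# Scopes the GitHub setup guide above tells you to select.
REQUIRED = {"repo", "read:packages", "read:org", "read:user", "user:email"}

# Assumption: parent scopes that include a required one. A token granted the
# parent reports only the parent in X-OAuth-Scopes.
IMPLIED_BY = {
    "read:org": {"write:org", "admin:org"},
    "read:user": {"user"},
    "user:email": {"user"},
    "read:packages": {"write:packages"},
}


def audit_scopes(header_value):
    """Compare an X-OAuth-Scopes header value with the required scopes.

    Returns (missing, excess): required scopes the token lacks, and granted
    scopes that go beyond what the integration needs.
    """
    granted = {s.strip() for s in (header_value or "").split(",") if s.strip()}
    missing = {
        need for need in REQUIRED
        if need not in granted and not (IMPLIED_BY.get(need, set()) & granted)
    }
    excess = granted - REQUIRED
    return sorted(missing), sorted(excess)


def fetch_scopes(token, api_url="https://api.github.com"):
    """Ask the API which scopes a classic PAT carries (needs network access)."""
    req = urllib.request.Request(
        f"{api_url}/user", headers={"Authorization": f"Bearer {token}"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers.get("X-OAuth-Scopes")


if __name__ == "__main__":
    # Constructed header values, not output from a real token.
    for sample in ("repo, read:packages, read:org, read:user, user:email",
                   "repo, admin:org, delete_repo, user, write:packages",
                   "repo, read:org, user"):
        missing, excess = audit_scopes(sample)
        print(f"{sample!r}: missing={missing} excess={excess}")
```

An empty `missing` list with a non-empty `excess` list means the integration will work but the token is broader than the guide requires; regenerate it with only the listed scopes.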
API Version
You can use the GitHub REST API repository to access information about the API.
You can use the IP/URL of the GitHub server as the host address. The default URL is https://api.github.com.
The user associated with the token needs to have write permissions on relevant repositories to collect a breakdown of scan issues.
GitLab setup guide
Pulled entities
Users
Repositories
Integrate using Snyk AppRisk
Profile name (mandatory): Input your integration profile name.
API Token (mandatory): Create your GitLab PAT from your GitLab organization. Follow the instructions in the Generate a Personal access token from your GitLab settings section. Authorize your personal access token if you have configured SAML SSO.
If you want to use the Broker Token, follow the instructions from the Snyk Broker AppRisk page.
Host URL (mandatory): The IP/URL of the GitLab server. The default URL is https://gitlab.com
Verify SSL (optional): Enable the option if you want to verify the SSL.
Pull personal repositories (optional): Enable the option if you only want to pull the repositories you own.
Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.
Generate a Personal access token from your GitLab settings
Navigate to your GitLab profile.
Select Edit Profile.
On the left sidebar, select Access Token.
Select Add New Token.
Enter a name and expiry date for the token.
Make sure to enable these permissions:
read_api - Grants read access to the API, including all groups and projects, the container registry, and the package registry.
read_repository - Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API.
Click the Create personal access token button.
Copy and store the displayed key.
API version
You can use the GitLab REST API v4 repository to access information about the API.
Azure DevOps setup guide
Pulled entities
Repository - the pulled entity retrieved by Snyk AppRisk.
Integrate using Snyk AppRisk
Profile name (mandatory): Input your integration profile name.
Organizations (mandatory): Input the names of all the relevant Azure DevOps organizations.
Access Token (mandatory): Create your Azure DevOps PAT from your Azure DevOps settings. Follow the instructions from the Generate a Personal access token from your Azure DevOps settings section.
If you want to use the Broker Token, follow the instructions from the Snyk Broker AppRisk page.
API URL (mandatory): The API URL, for example, https://dev.azure.com/. You can use a custom URL that is publicly accessible.
Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.
Generate a Personal access token from your Azure DevOps settings
Open Azure DevOps and click the Settings menu for your profile.
Click Personal access tokens and then New token.
Select the following scopes:
Permissions
Code - read
Project and Team - read
Graph - read
Analytics - read
Release - read
Security - manage
Organization - Select All accessible organizations or a specific organization.
Set the expiration to 12 months.
Copy the generated personal access token and share it through a secured vault.
API version
You can use the Azure DevOps REST API v6 repository to access information about the API.
BitBucket setup guide
BitBucket Server and BitBucket Cloud do not support automatic language detection. If you use BitBucket Cloud, you can manually add the language tags to a repository.
Note that for BitBucket Server you are unable to manually add language tags to a repository.
Pulled entities
Users
Repositories
Integrate using Snyk AppRisk
Profile name (mandatory): Input your integration profile name.
Access Token (mandatory): Create your BitBucket PAT from your BitBucket organization.
If you want to use the Broker Token, follow the instructions from the Snyk Broker AppRisk page.
API URL (mandatory): Input the API URL.
Username (mandatory): Input the BitBucket username of your organization.
App password (mandatory): Create an API token from your BitBucket account, with the following permissions:
Workspace membership - Read
Account - Read
Projects - Read
Repositories - Read
Issues - Read
Create a BitBucket app password by following these steps:
Open your BitBucket account.
Click the Settings option.
Click the Personal BitBucket settings option.
Navigate to the App passwords sub-section from the ACCESS MANAGEMENT section.
Service type (mandatory): Select the service type, Cloud, or On-premises.
Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.
API version
You can use the BitBucket REST API V2 repository to access information about the API.