Connect an SCM integration

The Integrations page shows all active integrations, including data that is automatically synced from your existing Snyk Organizations, and provides access to the Integration Hub.

You can customize your AppRisk integrations from the Integration Hub, where the following SCMs are available:

If your SCM instance is not publicly accessible, you must connect using Snyk Broker. For details, see Snyk Broker - AppRisk.

GitHub setup guide

Pulled entities

  • Repositories

  • Builds - only when using GitHub Actions.

  • Scans - only when using Code security.

Integrate using Snyk AppRisk

  1. Profile name (mandatory): Input your integration profile name.

  2. Organizations (mandatory): Input the names of all the relevant GitHub organizations.

  3. Access Token (mandatory): Create your GitHub PAT from your GitHub organization. Follow the instructions in the Generate a Personal access token from your GitHub settings section. Authorize your personal access token if you have configured SAML SSO.

If you want to use the Broker Token, follow the instructions from the Snyk Broker AppRisk page.

  4. API URL (mandatory): Input the API URL. The default URL is https://api.github.com.

  5. Pull personal repositories (optional): Enable the option if you only want to pull the repositories you own.

  6. Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.

Generate a Personal access token from your GitHub settings

  1. Open GitHub and click the Settings menu for your profile.

  2. Select Developer settings from the left sidebar.

  3. Select Personal access tokens and then Tokens (classic).

  4. Click Generate new token and, from the dropdown, select Generate new token (classic).

  5. Add a description for your token in the Note field.

  6. Select the required permissions:

    • repo

    • read:packages

    • read:org

    • read:user

    • user:email

  7. Click Generate token.

  8. Copy and store the displayed key.

Fine-grained personal access tokens are not supported.
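One way to check a token before entering it in the Access Token field, as an added example (not Snyk's or GitHub's code): it compares the scopes GitHub reports in the `X-OAuth-Scopes` response header with the list above and flags fine-grained tokens by their `github_pat_` prefix. The function names and the `IMPLIED_BY` map of broader scopes are assumptions of this example.

```python
import urllib.request

# Scopes the setup steps above ask for on a classic PAT.
REQUIRED = {"repo", "read:packages", "read:org", "read:user", "user:email"}
# Assumption: broader classic scopes that include a required one.
IMPLIED_BY = {
    "read:packages": {"write:packages"},
    "read:org": {"write:org", "admin:org"},
    "read:user": {"user"},
    "user:email": {"user"},
}

def parse_scopes(header_value):
    """Split an X-OAuth-Scopes value such as 'repo, read:org' into a set."""
    return {s.strip() for s in (header_value or "").split(",") if s.strip()}

def audit_token(token, scopes_header):
    """Return (supported, missing, excess) for a token and its scopes header."""
    # Fine-grained PATs carry the github_pat_ prefix and are not supported.
    supported = not token.startswith("github_pat_")
    granted = parse_scopes(scopes_header)
    missing = {r for r in REQUIRED
               if r not in granted and not (IMPLIED_BY.get(r, set()) & granted)}
    # Anything beyond the required list is extra privilege to review or drop.
    excess = granted - REQUIRED
    return supported, sorted(missing), sorted(excess)

def fetch_scopes_header(token, api_url="https://api.github.com"):
    """Live check: GitHub returns a classic token's scopes in X-OAuth-Scopes."""
    req = urllib.request.Request(api_url.rstrip("/") + "/user",
                                 headers={"Authorization": "token " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers.get("X-OAuth-Scopes", "")

if __name__ == "__main__":
    # Constructed sample tokens and header values, not real credentials.
    samples = [
        ("ghp_constructedExample", "repo, read:org, read:packages, read:user, user:email"),
        ("ghp_constructedExample", "repo, admin:org, user, workflow"),
        ("github_pat_constructedExample", ""),
    ]
    for tok, hdr in samples:
        print(audit_token(tok, hdr))
```

To audit a real token, pass the result of `fetch_scopes_header(token)` as the second argument and read the token from a secret store or environment variable rather than the command line.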

API Version

You can use the GitHub REST API repository to access information about the API.

For the host address, you can use the IP address or URL of the GitHub server. The default URL is https://api.github.com.

The user associated with the token needs to have write permissions on relevant repositories to collect a breakdown of scan issues.

GitLab setup guide

Pulled entities

  • Users

  • Repositories

Integrate using Snyk AppRisk

  1. Profile name (mandatory): Input your integration profile name.

  2. API Token (mandatory): Create your GitLab PAT from your GitLab organization. Follow the instructions in the Generate a Personal access token from your GitLab settings section. Authorize your personal access token if you have configured SAML SSO.

If you want to use the Broker Token, follow the instructions from the Snyk Broker AppRisk page.

  3. Host URL (mandatory): The IP/URL of the GitLab server. The default URL is https://gitlab.com.

  4. Verify SSL (optional): Enable the option if you want to verify the SSL certificate.

  5. Pull personal repositories (optional): Enable the option if you only want to pull the repositories you own.

  6. Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.

Generate a Personal access token from your GitLab settings

  1. Navigate to your GitLab profile.

  2. Select Edit Profile.

  3. On the left sidebar, select Access Token.

  4. Select Add New Token.

  5. Enter a name and expiry date for the token.

  6. Make sure to enable these permissions:

    • read_api - Grants read access to the API, including all groups and projects, the container registry, and the package registry.

    • read_repository - Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API.

  7. Click the Create personal access token button.

  8. Copy and store the displayed key.

API version

You can use the GitLab REST API v4 repository to access information about the API.

Azure DevOps setup guide

Pulled entities

  • Repository - the pulled entity retrieved by Snyk AppRisk.

Integrate using Snyk AppRisk

  1. Profile name (mandatory): Input your integration profile name.

  2. Organizations (mandatory): Input the names of all the relevant Azure DevOps organizations.

  3. Access Token (mandatory): Create your Azure DevOps PAT from your Azure DevOps settings. Follow the instructions from the Generate a Personal access token from your Azure DevOps settings section.

If you want to use the Broker Token, follow the instructions from the Snyk Broker AppRisk page.

  4. API URL (mandatory): The API URL, for example, https://dev.azure.com/. You can use a custom URL that is publicly accessible.

  5. Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.

Generate a Personal access token from your Azure DevOps settings

  1. Open Azure DevOps and click the Settings menu for your profile.

  2. Click Personal access tokens and then New token.

  3. Select the following scopes:

    • Permissions

      • Code - read

      • Project and Team - read

      • Graph - read

      • Analytics - read

      • Release - read

      • Security - manage

    • Organization - Select All accessible organizations or a specific organization.

  4. Set the expiration to 12 months.

  5. Copy the generated personal access token and share it through a secured vault.

API version

You can use the Azure DevOps REST API v6 repository to access information about the API.

BitBucket setup guide

BitBucket Server and BitBucket Cloud do not support automatic language detection. If you use BitBucket Cloud, you can manually add the language tags to a repository.

Note that for BitBucket Server you cannot manually add language tags to a repository.

Pulled entities

  • Users

  • Repositories

Integrate using Snyk AppRisk

  1. Profile name (mandatory): Input your integration profile name.

  2. Access Token (mandatory): Create your BitBucket PAT from your BitBucket organization.

If you want to use the Broker Token, follow the instructions from the Snyk Broker AppRisk page.

  3. API URL (mandatory): Input the API URL.

  4. Username (mandatory): Input the BitBucket username of your organization.

  5. App password (mandatory): Create an API token from your BitBucket account, with the following permissions:

    • Workspace membership - Read

    • Account - Read

    • Projects - Read

    • Repositories - Read

    • Issues - Read

Create a BitBucket app password by following these steps:

  1. Open your BitBucket account.

  2. Click the Settings option.

  3. Click the Personal BitBucket settings option.

  4. Navigate to the App passwords sub-section from the ACCESS MANAGEMENT section.

  6. Service type (mandatory): Select the service type: Cloud or On-premises.

  7. Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.

API version

You can use the BitBucket REST API V2 repository to access information about the API.
