You can natively connect Snyk Code to your local git server. This allows customers who use a self-hosted git provider, such as GitHub Enterprise, to find, prioritize and fix potential vulnerabilities in their first-party code.
Code access components
Broker server: Runs on the Snyk SaaS backend.
Broker client: A Docker image deployed in your infrastructure.
Code agent: Another Docker image that is deployed in your infrastructure. Note: Code agent is only supported with Snyk Broker v4.108.0 and later versions. If you have a running Broker client, please pull the latest update.
The Broker client and code agent components are deployed in your infrastructure as two separate services. Together they are responsible for cloning local repositories in a secured manner and sending the related information to Snyk.
The Broker client provides the Agent with the connection details. The Agent uses these details to connect to your local git repository, clone the relevant files, and send the results through the brokered communications using callbacks. The brokered communication happens when a Broker client connects (using your Broker ID) to a Broker server running in the Snyk environment.
If you already have a broker client running, please consider the following additional requirements:
Code agent is only supported with Snyk Broker v4.108.0 and later versions. Make sure to pull the latest version first.
Code agent needs permission to clone the full repository. Make sure that the SCM token passed to the broker has the corresponding permissions.
Set up the network
To run both the broker client and the broker agent, establish a network connection between them. A container's connection can also be exposed with tools like Ngrok (which is possible here if you want), but this description focuses on Docker bridge networks.
Run docker network create <network>, for example:
docker network create mySnykBrokerNetwork
You can confirm that it was created by running docker network ls. This will show results like this:
NETWORK ID     NAME                  DRIVER    SCOPE
d1353a2b0f66   mySnykBrokerNetwork   bridge    local
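The requirements on this page can be checked before starting the containers. The following is an added example, not part of the Snyk documentation: it checks the minimum Broker version, the bridge network, and the NO_PROXY exclusion for the Code agent that this page calls for. The function names, the container name code-agent, and the version passed in are assumptions.

```shell
#!/bin/sh
# Preflight checks for the Broker client + Code agent setup (added example).
# Function names and the container name used below are assumptions.

MIN_BROKER_VERSION="4.108.0"   # minimum Broker version stated on this page

# version_at_least HAVE WANT: numeric compare of dotted versions, so that
# 4.99.0 is correctly treated as older than 4.108.0.
version_at_least() {
  printf '%s %s\n' "${1#v}" "${2#v}" | awk '{
    split($1, h, "."); split($2, w, ".")
    for (i = 1; i <= 3; i++) {
      if (h[i] + 0 > w[i] + 0) exit 0
      if (h[i] + 0 < w[i] + 0) exit 1
    }
    exit 0
  }'
}

# network_is_bridge NAME: reads `docker network ls` output on stdin and
# succeeds only if NAME is listed with the bridge driver.
network_is_bridge() {
  awk -v name="$1" 'NR > 1 && $2 == name && $3 == "bridge" { ok = 1 }
                    END { exit !ok }'
}

# no_proxy_covers HOST LIST: succeeds if HOST is an exact entry of the
# comma-separated NO_PROXY value LIST (spaces are ignored).
no_proxy_covers() {
  case ",$(printf '%s' "$2" | tr -d ' ')," in
    *",$1,"*) return 0 ;;
    *) return 1 ;;
  esac
}

# preflight VERSION NETWORK AGENT_HOST NO_PROXY, `docker network ls` on stdin.
# Prints each failed check and returns the number of failures.
preflight() {
  fails=0
  version_at_least "$1" "$MIN_BROKER_VERSION" ||
    { echo "FAIL: Broker $1 is older than $MIN_BROKER_VERSION"; fails=$((fails + 1)); }
  network_is_bridge "$2" ||
    { echo "FAIL: bridge network $2 not found"; fails=$((fails + 1)); }
  no_proxy_covers "$3" "$4" ||
    { echo "FAIL: NO_PROXY does not list $3"; fails=$((fails + 1)); }
  return "$fails"
}
# Usage: docker network ls | preflight 4.108.0 mySnykBrokerNetwork code-agent "$NO_PROXY"
```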
Set up Code Agent
First, pull the code-agent image:
docker pull snyk/code-agent
The following environment variables are mandatory to configure the code agent:
After these snippets are added, all content from the repository can be accessed through Snyk broker.
For instructions on how to run Broker client through a proxy, see https://github.com/snyk/broker. Make sure that requests to the Code agent are not sent through the proxy by passing NO_PROXY=<code agent container>, for example:
For code agent, add the following environment variables to the docker run command: