Links

Snyk Container for self-hosted container registries (with Broker)

Feature availability This feature is available with Enterprise plans. See pricing plans for more details.
Snyk can integrate with private container registries you host that do not have internet access and help you to better secure container images in those registries.
To enable and configure your hosted container registry, contact our support team at [email protected]​

Self-hosted container registries solution components

  • Broker Server: running on Snyk SaaS backend
  • Broker Client and Container Registry Agent: Two Docker images deployed in your infrastructure, creating two separate services responsible for sampling your container registries in a secured manner and sending the allowed information to Snyk
The Broker Client provides the Agent with the connection details. The Agent uses these details to connect to the container registry, scan the images, and send the scan results through the brokered communication using callbacks. The brokered communication happens when a Broker Client connects (using your Broker ID) to a Broker server that runs within the Snyk environment.
See the Snyk Broker Container Registry Agent documentation for more details.
High-level architecture of the Snyk Broker Container Registry Agent
High-level architecture of the Snyk Broker Container Registry Agent

Supported container registries

  • Docker Hub (type: docker-hub)
  • GCR (type: gcr)
  • ECR (type: ecr)
  • Azure (type: acr)
  • Artifactory (type: artifactory-cr)
  • Harbor (type: harbor-cr)
  • Quay (type: quay-cr)
  • GitHub (type: github-cr)
  • Nexus (type: nexus-cr)
  • DigitalOcean (type: digitalocean-cr)
  • GitLab (type: gitlab-cr)
  • Google Artifact Registry (type: google-artifact-cr)