GitHub Server App
Prerequisites for the GitHub Server App
A self-hosted instance of GitHub
Snyk Organization Admin user role
GitHub organization Admin user role
A public or private GitHub repository
GitHub Server App benefits
The Snyk GitHub Server App improves on many features compared to the Snyk GitHub Enterprise integration, including role-based granular access control, increased API rate limits, and the creation of an entry point for expanded and enhanced developer experiences.
RBAC (Role-Based Access Control) Compliance:
With the GitHub Server App, the access control mechanism is decoupled from individual user accounts. Instead, it is associated with the app entity itself. This separation allows for better management and enforcement of RBAC policies, as access control is handled at the application level rather than being tied to individual user accounts.
Granular access control:
The GitHub Server App allows for fine-grained control over access permissions at the repository level.
Increased API rate limit:
The GitHub Server App provides higher rate limits, allowing Snyk to make a larger number of API requests. This increased limit will assist in handling large-scale use cases, such as monorepos with a large number of Projects, GitHub organizations with a large number of repositories, and more.
Enabler for an enhanced developer experience:
Pull request checks: The Checks tab experience in GitHub is exclusively accessible through the GitHub Cloud App, enabling an SCM native experience as part of potential future PR check workflow improvements.
Fix and upgrade pull requests: Pull requests initiated by Snyk are performed directly by the GitHub App rather than a service account.
Set up the GitHub Server App
When setting up the GitHub Server App, you can implement only one of the following scenarios:
One GitHub organization connected to one Snyk Organization
One GitHub organization connected to multiple Snyk Organizations
In the Snyk UI, navigate to the Integrations page and select the GitHub Server App tile.

Clicking on the tile opens a modal that allows you to enter the URL of your GitHub Server. Entering the URL of your GitHub Server instance will redirect you to your GitHub instance, where you will be able to create the app.


You are then asked to authorize the app to act on your users' behalf. The app uses this information to check which GitHub organizations you are authorized to install the app in.

When the install screen in GitHub opens, you can select the GitHub organization where you wish to install the app.

If the GitHub Server App is already installed in a GitHub organization on your GitHub instance, you can select that same GitHub organization during the integration process for a different Snyk Organization.

Specify whether you wish to install the app in all or a select number of the repositories belonging to the selected GitHub organization, then click Install & Authorize.

The GitHub Server App will lose access to Snyk if it is uninstalled from the GitHub organization. If this happens, you can create a fresh integration in Snyk to regain access.
Migrate from an existing GitHub Enterprise integration
If you are an Enterprise plan customer, you can migrate Snyk Targets to the GitHub Server App using the snyk-migrate-to-github-app tool in the tool repository.
How to disconnect a non-brokered GitHub Server App integration
Disconnecting the Snyk GitHub Server App integration halts all scans for imported repositories. PR checks cannot be executed and Projects are deactivated in the Snyk Web UI.
Note that the GitHub App will remain listed on your GitHub organization until removed manually.
Navigate to the Snyk GitHub Server App integration Settings.
At the bottom of the page, select Remove GitHub Server App.
When the confirmation modal opens, select Disconnect GitHub Server App.

After the integration is disconnected, imported Snyk Projects will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on pull requests.
You can re-connect anytime; however, re-initiating the Snyk Projects for monitoring requires setting up the integration again.
How to disconnect a brokered GitHub Server App integration
Disconnecting the Snyk GitHub Server App integration halts all scans for imported repositories. PR checks cannot be executed and Projects are deactivated in the Snyk Web UI.
Note that the GitHub App will remain listed on your GitHub organization until the app is removed manually.
Run snyk-broker-config workflows connections disconnect and select the connection you want to disconnect.
After the integration is disconnected, imported Snyk Projects will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on pull requests.
You can re-connect anytime; however, re-initiating the Snyk Projects for monitoring requires setting up the integration again.