GitHub Server App

Prerequisites for the GitHub Server App

• A self-hosted instance of GitHub

• Snyk Organization Admin user role

• GitHub organization Admin user role

• A public or private GitHub repository

GitHub Server App benefits

The Snyk GitHub Server App improves on many features compared to the Snyk GitHub Enterprise integration, including role-based granular access control, increased API rate limits, and the creation of an entry point for expanded and enhanced developer experiences.

• RBAC (Role-Based Access Control) Compliance:

  • With the GitHub Server App, the access control mechanism is decoupled from individual user accounts. Instead, it is associated with the app entity itself. This separation allows for better management and enforcement of RBAC policies, as access control is handled at the application level rather than being tied to individual user accounts.

• Granular access control:

  • The GitHub Server App allows for fine-grained control over access permissions at the repository level.

• Increased API rate limit:

  • The GitHub Server App provides higher rate limits, allowing Snyk to make a larger number of API requests. This increased limit will assist in handling large-scale use cases, such as monorepos with a large number of Projects, GitHub organizations with a large number of repositories, and more.

• Enabler for an enhanced developer experience:

  • Pull request checks: The Checks tab experience in GitHub is exclusively accessible through the GitHub Cloud App, enabling an SCM native experience as part of potential future PR check workflow improvements.

  • Fix and upgrade pull requests: Pull requests initiated by Snyk are performed directly by the GitHub App rather than a service account.

Set up the GitHub Server App

In the Snyk UI navigate to the integrations page and select the GitHub Server App tile.

Clicking on the tile opens a modal that allows you to enter the URL of your GitHub Server. Entering the URL of your GitHub Server instance will redirect you to your GitHub instance, where you will be able to create the app.

You are then asked to authorize the app to act on your users' behalf. The app uses this information to check which GitHub organizations you are authorized to install the app in.

When the install screen in GitHub opens, you can select the GitHub organization where you wish to install the app.

If the GitHub Server App is already installed in a GitHub organization on your GitHub instance, you can select that same GitHub organization during the integration process for a different Snyk Organization.

Specify whether you wish to install the app in all or a select number of the repositories belonging to the selected GitHub organization, then click Install & Authorize.

Migrate from an existing GitHub Enterprise integration

If you are an Enterprise plan customer, you can migrate Snyk Targets to the GitHub Server App using the snyk-migrate-to-github-app tool in the tool repository.

How to disconnect a non-brokered GitHub Server App integration

1. Navigate to the Snyk GitHub Server App integration Settings.

2. At the bottom of the page, select Remove GitHub Server App.

3. When the confirmation modal opens, select Disconnect GitHub Server App.

After the integration is disconnected, imported Snyk Projects will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on pull requests.

You can re-connect anytime; however, re-initiating the Snyk Projects for monitoring requires setting up the integration again.

How to disconnect a brokered GitHub Server App integration

Run snyk-broker-config workflows connections disconnectand select the connection you want to disconnect.

After the integration is disconnected, imported Snyk Projects will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on pull requests.

You can re-connect anytime; however, re-initiating the Snyk Projects for monitoring requires setting up the integration again.