Insecure downstream mode
Usage of this mode is discouraged.
In some situations, you may need to use only http
for your downstream connection. These cases are infrequent and usually occur because of historical http-
only setups. Snyk recommends upgrading these setups to use https
instead.
If upgrading is not possible in the near term, the insecure downstream mode introduces a way to force downstream requests to your SCM, JIRA, or other service to take place over http
instead of https
.
In most cases, you should avoid insecure downstream mode, and to use it, you must opt-in.
Insecure downstream mode makes all requests go over http
, thus no longer benefitting from the safety of TLS encryption. Insecure downstream mode means all your credentials and data will appear unencrypted, which is only tolerable in tightly secured networks.
Export the environment variable INSECURE_DOWNSTREAM="true"
to use this mode, passing it as an environment value using the -e INSECURE_DOWNSTREAM="true"
option.
Using HTTP is highly insecure! Your data and credentials will be transmitted in clear form over the network exchanges.
Snyk will not be held responsible for any credential leaks that may occur as a result of the use of insecure downstream mode.
Last updated