Snyk Broker - AppRisk
If your SCM or third-party instance is not publicly accessible, you need Snyk Broker. You can install and configure Snyk Broker using Docker or Helm. The minimum supported Broker version for Snyk AppRisk is 4.171.0.
Enable Broker for Snyk AppRisk by setting the APPRISK environment variable to true in the installation command: ACCEPT_APPRISK=true for Docker and --set enableAppRisk=true for Helm.
Ensure you have the Snyk Broker token for the Snyk AppRisk integration. The Snyk support team can provide the needed token, or you can generate it yourself by following these instructions:
Generate your Broker token by following the instructions from the Obtain your Broker token for Snyk Broker page.
Copy and paste the Broker token on the integration setup menu from the Integration Hub.
SCM integrations
GitHub - install and configure Snyk Broker
GitHub Enterprise - install and configure Snyk Broker:
BitBucket - install and configure Snyk Broker:
GitLab - install and configure Snyk Broker:
Azure - install and configure Snyk Broker:
You can find on GitHub all the updated .json files that include the allowed list of accessible endpoints for the integrations.
As the final step following a completed Broker setup, for any brokered integration you want to add to Snyk Apprisk, you must obtain the Broker token. You can find the Broker token in your Organization integration general settings for your integration type, for example, GitHub, GitLab, and so on, as shown in the following image. For third-party integrations, see the next section.
Third-party integrations
Feature availability
The third-party integrations are available only for the Snyk AppRisk Pro version, on Enterprise plans. For more information, see plans and pricing.
Prerequisites
Follow these steps to install and run Snyk Broker for the Snyk AppRisk third-party integrations.
Ensure you have the Snyk Broker token for the Snyk AppRisk integration. The Snyk support team can provide the needed token.
Generate your Broker token by following the instructions from the Obtain your Broker token for Snyk Broker page.
Copy and paste the Broker token on the integration setup menu from the Integration Hub.
Pull the latest Broker image by running this command:
Configure your Snyk AppRisk connection type using the
snyk-broker-configcommand, as explained on the page Initial configuration of the Universal Broker.
Checkmarx SAST integration
After you implement all the general steps applicable to third-party integrations, you can configure the integration with unique credentials.
The following example has CHECKMARX_PASSWORD as the value for the credentials reference. Run the following commands with your password:
SonarQube SAST integration
After you implement all the general steps applicable to third-party integrations, you can configure the integration with unique credentials.
The following example uses SONARQUBE_HOST_URL and SONARQUBE API_TOKEN as the values for the credentials reference. Run the following commands:
Configuration complete
After the Universal Broker connection with a third-party integration is established, the following message is displayed in the logs: successfully established a websocket connection to the broker server.
Last updated
