This guide provides the complete workflow for deploying the Snyk Universal Broker to connect to Azure DevOps.
- A Snyk Enterprise plan with Tenant Admin permissions.
- Node.js and npm installed locally.
- An Azure DevOps Personal Access Token (PAT) with
Code (Read & write),Build (Read), andProject and Team (Read)scopes. - Helm v3 installed if you plan to deploy to Kubernetes.
Install the latest version of the Snyk configuration tool.
npm install -g @snyk-broker-configAuthenticate the CLI with your Snyk account.
snyk authThis command starts the wizard. You will define the name of the environment variable that will hold your PAT.
snyk-broker-config workflows connections createFollow the prompts from the wizard:
- When asked for the connection type, select
azure-devops. - When prompted to create a credential reference, give it the name
AZURE_DEVOPS_TOKEN. - Provide your Azure DevOps Organization URL when asked.
At the end of the workflow, the wizard will output the client's identity credential.
CLIENT_IDCLIENT_SECRETDEPLOYMENT_ID
Run the Broker client, injecting your Azure DevOps PAT into an environment variable that matches the credential reference name.
Add the Snyk Helm Repository:
helm repo add snyk-universal-broker https://snyk.github.io/snyk-universal-broker-helm
helm repo updateInstall the Helm Chart:
The credentialReferences.AZURE_DEVOPS_TOKEN key tells Helm to create the AZURE_DEVOPS_TOKEN environment variable in the pod.
helm install snyk-broker snyk-universal-broker/snyk-universal-broker \
--namespace snyk-broker --create-namespace \
--set snyk.clientID='<YOUR_CLIENT_ID>' \
--set snyk.clientSecret='<YOUR_CLIENT_SECRET>' \
--set snyk.deploymentID='<YOUR_DEPLOYMENT_ID>' \
--set credentialReferences.AZURE_DEVOPS_TOKEN='<YOUR_ACTUAL_AZURE_PAT>'