Skip to content

Latest commit

 

History

History
73 lines (48 loc) · 2.46 KB

github-server-app.md

File metadata and controls

73 lines (48 loc) · 2.46 KB

Snyk Broker for GitHub Enterprise Server

This guide provides the complete and secure workflow for deploying the Snyk Universal Broker to connect to a self-hosted GitHub Enterprise Server.

Part 1: Configure the Snyk Backend

This phase uses the interactive workflow command to create a configuration on the Snyk platform that points to your credentials.

Prerequisites

  • A Snyk Enterprise plan with Tenant Admin permissions.
  • Node.js and npm installed locally.
  • A GitHub Enterprise Personal Access Token (PAT) with repo, admin:repo_hook, and user:email scopes.
  • Helm v3 installed if you plan to deploy to Kubernetes.

Step 1: Install the CLI Tool and Authenticate

Install the latest version of the Snyk configuration tool.

npm install -g @snyk-broker-config

Authenticate the CLI with your Snyk account.

snyk auth

Step 2: Run the Connection Creation Workflow

This command starts the interactive wizard. When it prompts for credentials, you are defining the name of the environment variable the Broker client will look for later.

snyk-broker-config workflows connections create

Follow the prompts from the wizard:

  1. When asked for the connection type, select github-enterprise.
  2. When prompted to create a credential reference, give it the name GITHUB_TOKEN. This is the pointer; you are not providing the secret PAT to the wizard.
  3. Provide your GitHub Enterprise URL when asked.

At the end of the workflow, the wizard will output the credentials needed to identify the client. 🔑 Save these values immediately:

  • CLIENT_ID
  • CLIENT_SECRET
  • DEPLOYMENT_ID

Part 2: Deploy the Broker Client

Now, run the Broker client in your infrastructure. This is where you will provide the actual PAT, injecting it into an environment variable that matches the credential reference name you created in Part 1.

Deploy with Helm

*** Pull the Snyk Helm Repository:**

helm pull oci://registry-1.docker.io/snyk/snyk-universal-broker

Install the Helm Chart:

The credentialReferences.GITHUB_TOKEN key tells Helm to create the GITHUB_TOKEN environment variable in the pod.

helm install snyk-broker snyk-universal-broker/snyk-universal-broker \
  --namespace snyk-broker --create-namespace \
  --set snyk.clientID='<YOUR_CLIENT_ID>' \
  --set snyk.clientSecret='<YOUR_CLIENT_SECRET>' \
  --set snyk.deploymentID='<YOUR_DEPLOYMENT_ID>' \
  --set credentialReferences.GITHUB_TOKEN='<YOUR_ACTUAL_GITHUB_PAT>'