diff --git a/platform-administration/README.md b/platform-administration/README.md index 776b6a2d17f6..d954bc663f56 100644 --- a/platform-administration/README.md +++ b/platform-administration/README.md @@ -60,7 +60,7 @@ You can manage users and permissions in your Groups. For details, see [Manage us ### Manage Tenant, Groups, and Organizations -Snyk groups and organizations help to maintain collaboration across teams. For details, see [Tenant, Groups, and Organizations](snyk-platform-administration/groups-and-organizations/). +Snyk Groups and Organizations help to maintain collaboration across teams. For details, see [Tenant, Groups, and Organizations](snyk-platform-administration/groups-and-organizations/). ### Define notifications diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/README.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/README.md index eec36b0c205f..3ef7bf7fa19a 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/README.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/README.md @@ -5,13 +5,13 @@ PR Checks for Bitbucket Server integrations require Bitbucket Server version 7.4 and above, or Bitbucket Data Center version 8 or above.\ \ -When using a brokered connection, Snyk Broker version 5.4.9 and above is required. +When using a brokered connection, you must use Snyk Broker version 5.4.9 and above. {% endhint %} Review the general instructions for the installation method you plan to use, [Helm](../install-and-configure-broker-using-helm.md) or [Docker](../install-and-configure-broker-using-docker.md). Before installing the Bitbucket Server/Data Center Broker, ensure your Snyk account team provides you with a Broker token. -Docker or an equivalent method is required to run Docker Linux containers. Some Docker setups for Windows only support Windows containers. Ensure your deployment can run Linux containers. +You must have Docker or an equivalent method to run Docker Linux containers. Some Docker setups for Windows support only Windows containers. Ensure your deployment can run Linux containers. After you meet all the prerequisites, you can continue with the steps to install using [Docker](bitbucket-server-data-center-install-and-configure-using-docker.md) or [Helm](bitbucket-server-data-center-install-and-configure-using-helm.md). diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md index 701d58e88f24..e5ea24d9dedf 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md @@ -4,13 +4,13 @@ Before installing, review the [prerequisites](./) and the general instructions f This integration is useful to ensure a secure connection with your on-premise Bitbucket deployment. -This page describes two distinct authentication schemes: using [Basic Auth](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-basic-auth) and [using an API token](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-an-api-token). Your Bitbucket Server settings might preclude Basic Auth usage, in which case Bearer Auth is preferred. +This page describes two distinct authentication schemes: using [Basic Auth](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-basic-auth) and [using an API token](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-an-api-token). Your Bitbucket Server settings might preclude use of Basic Auth, in which case Bearer Auth is preferred. ## Configure Broker to be used with Bitbucket using Basic Auth The following explains how to configure Snyk Broker to use the Broker Client with a Bitbucket Server deployment. -To use the Snyk Broker Client with BitBucket, run `docker pull snyk/broker:bitbucket-server`. Refer to [BitBucket Server/Data Center - environment variables](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) for Snyk Broker for definitions of the environment variables. +To use the Snyk Broker Client with Bitbucket, run `docker pull snyk/broker:bitbucket-server`. Refer to [BitBucket Server/Data Center - environment variables](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) for Snyk Broker for definitions of the environment variables. If necessary, navigate to the [Advanced configuration page](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Bitbucket instance is using a private certificate, and setting up [proxy support](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). @@ -48,7 +48,7 @@ Snyk Essentials is set by default to **`false`**. Enable it by setting the flag The following explains how to configure Snyk Broker to use the Broker Client with a Bitbucket Server deployment using an API token. -To use the Snyk Broker Client with BitBucket, **run** `docker pull snyk/broker:bitbucket-server-bearer-auth`. For definitions of the environment variables, refer to [Bitbucket Server/Data Center - environment variables for Snyk Broker Basic Auth](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) and [Bitbucket Server/Data Center - environment variables for Snyk Broker Personal Access Token (PAT)](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md). +To use the Snyk Broker Client with Bitbucket, **run** `docker pull snyk/broker:bitbucket-server-bearer-auth`. For definitions of the environment variables, refer to [Bitbucket Server/Data Center - environment variables for Snyk Broker Basic Auth](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) and [Bitbucket Server/Data Center - environment variables for Snyk Broker Personal Access Token (PAT)](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md). If necessary, go to the [Advanced configuration page](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Bitbucket instance is using a private certificate, and setting up [proxy support](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). @@ -79,9 +79,9 @@ Snyk Essentials is set by default to `false`. Enable it by setting the flag to ` Paste the Broker Client configuration to start the Broker Client container. -Once the container is up, the Bitbucket Integrations page shows the connection to Bitbucket, and you can `Add Projects` +After the container is up, the Bitbucket Integrations page shows the connection to Bitbucket, and you can `Add Projects`. -## Basic troubleshooting for Broker with BitBucket +## Basic troubleshooting for Broker with Bitbucket * Run `docker logs ` to look for any errors, where `container id` is the Bitbucket Broker container ID. * Ensure relevant ports are exposed to Bitbucket. diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md index ba0f8655d39e..8e910ef471ce 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md @@ -16,7 +16,7 @@ Copy the following command to set up a fully configured Broker Client to analyze {% hint style="info" %} **Multi-tenant settings for regions**\ -When installing, you must add a command in your script to set the `BROKER_SERVER_URL`.This is the URL of the Broker server for the region where your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). +When installing, you must add a command in your script to set the `BROKER_SERVER_URL`. This is the URL of the Broker server for the region where your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). {% endhint %} ```bash diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker.md index 137f66727bc3..2e9911f532a1 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker.md @@ -1,7 +1,7 @@ # Install and configure Broker using Docker {% hint style="info" %} -[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags will be enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. +[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags are enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. {% endhint %} {% hint style="info" %} @@ -21,7 +21,7 @@ The following pages explain how to install these special integrations. * [GitHub](github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md) * [GitHub Enterprise](github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-docker.md) -* [Bitbucket Server/Data Centre](bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md) +* [Bitbucket Server/Data Center](bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md) * [Gitlab](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md) * [Azure Repos](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md) * [JFrog Artifactory Repository](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md) @@ -31,7 +31,7 @@ The following pages explain how to install these special integrations. You can customize the configuration using the environment variables in the Docker images. For this reason, install separate, multiple instances of the Broker Client for different integration types to ensure proper configuration as well as redundancy. -You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects after you are connected. ## Advanced configuration using Docker diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md index 156679d45a88..5d7952262767 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md @@ -1,7 +1,7 @@ # Install and configure Broker using Helm {% hint style="info" %} -[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags will be enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. +[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags are enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. {% endhint %} {% hint style="info" %} @@ -22,7 +22,7 @@ When you set up Snyk Broker for use in regions other than the default, additiona ## Install using the Snyk Broker Helm Chart -The Helm chart does not manage connectivity, and thus, you will be responsible for managing [ingress](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md) in the Kubernetes cluster. +The Helm chart does not manage connectivity, so you are responsible for managing [ingress](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md) in the Kubernetes cluster. To use this chart, you must first add the Snyk Broker Helm Chart by adding the repo: @@ -48,7 +48,7 @@ Beginning with version 2.0.0, all created objects have a suffix based on the rel Additional commands are available to install [Snyk Broker - Container Registry Agent](../../../../implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/), needed to connect to Container Registries; `scmType`: `container-registry-agent`\\ -You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects after you are connected. ## Advanced configuration using Helm diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker.md index fb9aecfc332b..fd63dc8d7a1c 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker.md @@ -20,7 +20,7 @@ For code repository (SCM) integrations, you can generate a Broker token by using 1. Use the endpoint [Update Existing Integration](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/integrations-v1#org-orgid-integrations-type) to enable Snyk Broker for a specific Organization and a specific SCM. Follow the example under "Set up a broker for an existing integration." This generates a Broker token in the UI. 2. To generate a Broker token programmatically after enabling Snyk Broker, use the endpoint [Provision new Broker token](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/integrations-v1#org-orgid-integrations-integrationid-authentication-provision-token) to generate a Broker token.\ You can see the generated Broker token in the API response body and on the Web UI. -3. Verify the Broker token is generated in the Snyk Web UI under the specified SCM integration. by selecting **Settings** > **Integrations** for that specific integration to see the Broker token. +3. Verify the Broker token is generated in the Snyk Web UI under the specified SCM integration by selecting **Settings** > **Integrations** for that specific integration to see the Broker token. 4. After generating the Broker token, copy and save it and store it in a secure location for future use, or obtain it later using the Web UI. ## **Generate a Broker token in the Web UI** diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/README.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/README.md index 8d0ca543f1e5..0e0aa68e6f6b 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/README.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/README.md @@ -8,7 +8,7 @@ A deployment can support multiple connections of any type, as shown in the diagr

Universal Broker deployment example

-Connections are integrated with Organizations to provide access to your private resources for the appropriate Snyk Organization(s). These Organizations can be in the same or different Snyk Groups. +Connections are integrated with Organizations to provide access to your private resources for the appropriate Snyk Organizations. These Organizations can be in the same or different Snyk Groups. In the diagram, Group 1 includes Organizations A through D, and Group 2 includes Organizations E and F. diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/add-a-new-connection-to-your-universal-broker.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/add-a-new-connection-to-your-universal-broker.md index 680a491e8b1e..ed9fb82875c5 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/add-a-new-connection-to-your-universal-broker.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/add-a-new-connection-to-your-universal-broker.md @@ -14,4 +14,4 @@ You can share credentials references across connections by selecting a credentia After the connection is created, run `snyk-broker-config workflows connections integrate` and select the desired deployment and connection. Then enter the Organization ID for the Organization with which you want to integrate. For details, see [Integrate a connection with an Organization](../../../implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md#integrate-a-connection-with-an-organization). -If you integrate a connection already integrated with an Organization, the previous integration will be lost in favor of the new one. Be sure to paste the correct Organization ID. +If you integrate a connection already integrated with an Organization, the previous integration is lost in favor of the new one. Be sure to paste the correct Organization ID. diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md index d081767e7d49..733b73682216 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md @@ -46,7 +46,7 @@ A typical workflow for adding a new Broker connection using the CLI involves the snyk-broker-config workflows connections create ``` - The CLI will then guide you through the process, prompting for: + The CLI then guides you through the process, prompting for: * Your Snyk API Token, required for authentication if you did not already export it as an environment variable. * The Snyk Organization ID where the Broker connection is used. @@ -95,7 +95,7 @@ You will need them to run your Broker Client. Have you saved these credentials? (Y/N) ``` -The tool displays the credentials for the Broker App just installed. Be sure to store these safely like any other credentials. This is the only time the client secret will be displayed. If you lose these credentials, you must either delete and recreate the Snyk Broker Admin Organization and start over, or use the API to reinstall Universal Broker manually. +The tool displays the credentials for the Broker App just installed. Be sure to store these safely like any other credentials. This is the only time the client secret is displayed. If you lose these credentials, you must either delete and recreate the Snyk Broker Admin Organization and start over, or use the API to reinstall Universal Broker manually. * When you have saved your credentials, type Y and press Enter. diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/deployment-tips-and-reference-architectures.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/deployment-tips-and-reference-architectures.md index 549db34cf2d9..23c3fc1fce87 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/deployment-tips-and-reference-architectures.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/deployment-tips-and-reference-architectures.md @@ -4,13 +4,13 @@ You can learn more about deployment and architecture, and more, with the [Universal Broker Snyk Learn ](https://learn.snyk.io/lesson/universal-broker/#3f799f7f-58a9-4225-53fb-9cc5b6913920)course. {% endhint %} -The Universal Broker allows you to run multiple connections of any type using a single container. Snyk recommends running in High Availability Mode (on by default), to run multiple replicas. +The Universal Broker lets you run multiple connections of any type using a single container. Snyk recommends running in High Availability Mode (on by default), to run multiple replicas. On Kubernetes, the Helm chart creates a stateful set with numerous members, automatically creating multiple replicas. When using Docker Compose, you must create multiple replicas explicitly in your deployment configuration. See the [Docker Compose example](../../../implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md#docker-compose-example) for more info. -Usage of resources varies based on a number of factors, making it difficult to model the actual use of resources (CPU and memory) for the container. Each deployment is limited to a maximum of 25 connections to avoid exhaustion of resources. +Use of resources varies based on a number of factors, making it difficult to model the actual use of resources (CPU and memory) for the container. Each deployment is limited to a maximum of 25 connections to avoid exhaustion of resources. If you find you need more resource segregation or allocation that does not fit well into a single container setup, you can create a new deployment with its set of connections to split the load across numerous Broker clients and containers. diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/preparing-for-creating-universal-broker-deployments.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/preparing-for-creating-universal-broker-deployments.md index cd145609136e..47d21e72b186 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/preparing-for-creating-universal-broker-deployments.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/preparing-for-creating-universal-broker-deployments.md @@ -4,7 +4,7 @@ Before creating deployments, ensure you have met the [prerequisites](../../../im ## Prepare hosts for the installation of Universal Broker -Snyk recommends configuring at least two separate instances of the Broker Client for each integration, either on different hosts or installed using Kubernetes. This ensures that you always have at least two instances running for redundancy. To install the Universal Broker using Helm please see the [Snyk Universal Broker Helm Chart](https://github.com/snyk/snyk-universal-broker-helm). +Snyk recommends configuring at least two separate instances of the Broker Client for each integration, either on different hosts or installed using Kubernetes. This ensures that you always have at least two instances running for redundancy. To install the Universal Broker using Helm, see the [Snyk Universal Broker Helm Chart](https://github.com/snyk/snyk-universal-broker-helm). ## Configure your network for using Universal Broker @@ -22,7 +22,7 @@ Use the Universal Broker `snyk-broker-config` CLI tool to configure and manage c If you have not previously installed the Universal Broker, refer to the Prerequisites for Universal Broker and [Basic steps to install and configure Universal Broker.](basic-steps-to-install-and-configure-universal-broker.md) -Be sure to set your environment variables to make usage easier, including when you are installing the `snyk-broker-config` CLI tool. Use the following commands: +Be sure to set your environment variables to make use easier, including when you are installing the `snyk-broker-config` CLI tool. Use the following commands: Linux/Mac @@ -34,7 +34,7 @@ Windows * `set SNYK_TOKEN=` * `set TENANT_ID=` -If the Universal Broker has already been installed, set the Install ID as an environment variable for easier usage. Use the following commands: +If you have already installed the Universal Broker, set the Install ID as an environment variable for easier use. Use the following commands: Linux/Mac diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/using-the-api-to-set-up-a-github-connection.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/using-the-api-to-set-up-a-github-connection.md index 178e634af9ba..9f39e8b44fd8 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/using-the-api-to-set-up-a-github-connection.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/using-the-api-to-set-up-a-github-connection.md @@ -2,7 +2,7 @@ This page provides an example of using the API to set up a GitHub connection with the Universal Broker. Repeat connecting your Organization for as many integrations as needed. -Using the `snyk-broker-config` CLI tool is recommended for an easier experience. The API allows for automation and more control, and also requires a clear understanding of Broker deployments, credentials, connections, and integrations. +Snyk recommends using the `snyk-broker-config` CLI tool for an easier experience. The API allows for automation and more control, and also requires a clear understanding of Broker deployments, credentials, connections, and integrations. {% hint style="info" %} In any of the calls that follow, replace `api.snyk.io` with your regional equivalent if necessary, for example, `api.eu.snyk.io`. For a list of URLs, see [API URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#api-urls). @@ -121,7 +121,7 @@ Use the `CLIENT_ID` and `CLIENT_SECRET` values returned when you installed the B snyk/broker:universal -When the command is running, you should get the following message in the output: +When the command is running, you get the following message in the output:
{"name":"snyk-broker","hostname":"c918a4e1535a","pid":1,"level":30,"msg":"Found deployment 12345678-1234-1234-1234-123456789012. Waiting for connections. (polling)","time":"2024-06-18T20:15:20.572Z","v":0}
 
diff --git a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/README.md b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/README.md index 31c979335471..d0d733684de4 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/README.md @@ -7,7 +7,7 @@ Service accounts are available only for Enterprise plans. For more information, Free and Team plan users and Trial users have access to a Snyk user's token under their profile and can use this token to authenticate with a CI/CD, to run the CLI locally or on a build machine, and to authenticate with an IDE manually. {% endhint %} -Service accounts are a special type of system user. Creating a service account generates an API token that is the only token associated with the service account and takes the place of standard user credentials. Snyk needs authentication in order to initiate Snyk processes. +Service accounts are a special type of system user. Creating a service account generates an API token that is the only token associated with the service account and takes the place of standard user credentials. Snyk needs authentication to initiate Snyk processes. You can set up a service account to use for automation rather than using a Snyk user's token and to help manage integrations. @@ -48,7 +48,7 @@ Generate single or multiple tokens on the Group or Organization levels to manage ### Prerequisites to set up a service account {% hint style="info" %} -Group viewers are not able to create service accounts, regardless of their Org role. +Group viewers cannot create service accounts, regardless of their Org role. {% endhint %} To create a Group service account**,** you must be a Group admin. To create an Organization service account, you must be either a Group member and Org Admin, or a Group admin. @@ -84,7 +84,7 @@ From the **Role** dropdown list, select an appropriate role. For Group service accounts, choose from the following list of roles to configure the scope of the token; Snyk recommends selecting Viewer or Admin. -* **Group Viewer** enables read-only access. Note that to set an API token to be read-only and unable to write to the platform, you must use a service account and set it to Group Viewer. See [Snyk API token permissions users can control](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api/snyk-api-token-permissions-users-can-control). +* **Group Viewer** enables read-only access. To set an API token to be read-only and unable to write to the platform, you must use a service account and set it to Group Viewer. See [Snyk API token permissions users can control](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api/snyk-api-token-permissions-users-can-control). * **Group Admin** enables full administrator access. * **Group Member** associates a service account with a group but does not grant any specific access. @@ -93,14 +93,14 @@ For **Organization service accounts**, choose from the standard roles, **Org Adm ### Create the service account {% hint style="warning" %} -To align with security best practice, a service account token is only generated once. If you lose this token you will need to create a new service account and safely store that newly generated token. +To align with security best practice, a service account token is only generated once. If you lose this token, you must create a new service account and safely store that newly generated token. {% endhint %} Click **Create**. The token is generated and displayed. -Ensure that you copy this token, as you will not see it again. You can click **Close and Hide** once you have copied the token; whether you do or not, when you navigate away from this page, the token will no longer be visible. This is a standard security practice to keep your tokens safe. +Ensure that you copy this token, as you cannot see it again. You can click **Close and Hide** after you have copied the token. Whether you do or not, when you navigate away from this page, the token is no longer visible. This is a standard security practice to keep your tokens safe. #### How the token is associated with a Group and Organizations @@ -165,7 +165,7 @@ When you open a role that is assigned to a service account, the system displays
Warning that you are about to change a role assigned to a service account

Warning that you are about to change a role assigned to a service account

{% hint style="warning" %} -Snyk prevents users from creating Organization service accounts with a role that has more privileges than those the user creating the service account has. If you try to create a service account with a role that has more privileges than you have, you will see the error **Cannot create a service account with a higher privilege role than yours**. +Snyk prevents users from creating Organization service accounts with a role that has more privileges than those the user creating the service account has. If you try to create a service account with a role that has more privileges than you have, you see the error **Cannot create a service account with a higher privilege role than yours**. {% endhint %}
User cannot assign a more privileged role to a service account

User cannot assign a more privileged role to a service account

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/choose-a-service-account-type-to-use-with-snyk-apis.md b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/choose-a-service-account-type-to-use-with-snyk-apis.md index 16a1046e145a..14f57ed4ae6c 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/choose-a-service-account-type-to-use-with-snyk-apis.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/choose-a-service-account-type-to-use-with-snyk-apis.md @@ -10,7 +10,7 @@ The permissions granted to a service account depend on the user role type it is #### Access tokens -Service accounts use Snyk [access tokens](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api/personal-access-tokens-pats) to secure your workflow. You control when the service account is created and can se the expiry date. The maximum expiry for an access token service account is one year, and on expiration you must create a new service account to continue using this authentication method. +Service accounts use Snyk [access tokens](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api/personal-access-tokens-pats) to secure your workflow. You control when the service account is created and can set the expiry date. The maximum expiry for an access token service account is one year, and on expiration you must create a new service account to continue using this authentication method. Use an [OAuth 2.0 service account](service-accounts-using-oauth-2.0.md) instead of an access token service account, to prevent downtime when a token expires if you are using automation, for example, CI/CD pipeline. @@ -24,4 +24,4 @@ For more details on implementing this type of service account, visit [Service ac #### API key (legacy) -The service account has a Snyk API key associated with it. API keys are quick to implement in a workflow and do not expire. Due to the risk of a token which does not expire, this option is not recommended. +The service account has a Snyk API key associated with it. API keys are quick to implement in a workflow and do not expire. Due to the risk of a token that does not expire, Snyk does not recommend this option. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/manage-service-accounts-using-the-snyk-api.md b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/manage-service-accounts-using-the-snyk-api.md index a5b5e2b36415..a43e8dbfcc01 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/manage-service-accounts-using-the-snyk-api.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/manage-service-accounts-using-the-snyk-api.md @@ -25,7 +25,7 @@ Specific permissions are required to perform all these tasks. For more informati `jwks_url` - A JWKs URL hosting your public keys used to verify signed JWT requests. This must be `https`. Required only when `auth_type` is `oauth_private_key_jwt`. -`access_token_ttl_seconds` - The time, in seconds, that a generated access token will be valid for. Defaults to one hour if unset. Required only when `auth_type` is `oauth_client_secret` or `oauth_private_key_jwt`. +`access_token_ttl_seconds` - The time, in seconds, that a generated access token is valid for. Defaults to one hour if unset. Required only when `auth_type` is `oauth_client_secret` or `oauth_private_key_jwt`. ## Manage Group-level service accounts @@ -75,7 +75,7 @@ This call permanently deletes the specified service account and revokes its cred **API endpoint:** [Manage a group service account’s client secret](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/serviceaccounts#groups-group_id-service_accounts-serviceaccount_id-secrets) -This call allows you to manage the client secret for `oauth_client_secret` service accounts. You can perform the following operations: +This call lets you manage the client secret for `oauth_client_secret` service accounts. You can perform the following operations: * `create` - generate a new client secret. A service account can have a maximum of two active secrets at a time. * `delete` - delete an existing client secret. This requires putting `client_secret` in the request body. Deleting an existing client secret would render it invalid. A service account must have at least one active secret; calling delete with your last secret will fail. @@ -129,7 +129,7 @@ This call permanently deletes the specified service account. **API endpoint:** [Manage an organization's service account's client secret](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/serviceaccounts#orgs-org_id-service_accounts-serviceaccount_id-secrets) -This call allows you to manage the client secret for `oauth_client_secret` service accounts. You can perform the following operations: +This call lets you manage the client secret for `oauth_client_secret` service accounts. You can perform the following operations: * `create` - generate a new client secret. A service account can have a maximum of two active secrets at a time. * `delete` - delete an existing client secret. This requires putting `client_secret` in the request body. Deleting an existing client secret would render it invalid. A service account must have at least one active secret; calling delete with your last secret will fail. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/service-accounts-using-oauth-2.0.md b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/service-accounts-using-oauth-2.0.md index 0be08176b11c..9d03472621b2 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/service-accounts-using-oauth-2.0.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/service-accounts-using-oauth-2.0.md @@ -5,7 +5,7 @@ Service accounts using OAuth 2.0 are available only with Enterprise plans through the Snyk API. For more information, see [Manage service accounts using the Snyk API](manage-service-accounts-using-the-snyk-api.md). {% endhint %} -You can create service accounts that authenticate with the [Auth 2.0 `client_credentials` grant flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4). OAuth 2.0 access tokens are used the same way another Snyk token is used, but they have added security of a short time-to-live (TTL) and can be automatically refreshed. +You can create service accounts that authenticate with the [OAuth 2.0 `client_credentials` grant flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4). OAuth 2.0 access tokens are used the same way another Snyk token is used, but they have added security of a short time-to-live (TTL) and can be automatically refreshed. ## OAuth 2.0 with client secret @@ -23,7 +23,7 @@ After the service account is created, you can retrieve an `access_token` through You can use an`access_token` the same way as you would use a Snyk API key, but with the `Authorization: bearer $access_token` header or the `SNYK_OAUTH_TOKEN` environment variable with the Snyk CLI. -The `access_token` has a short time-to-live and must be refreshed once it expires. There are many OAuth 2.0 libraries available that greatly simplify this process. +The `access_token` has a short time-to-live and must be refreshed after it expires. Many OAuth 2.0 libraries are available that greatly simplify this process. ### Authenticate with the Snyk CLI @@ -34,7 +34,7 @@ You can also use the `client_secret` and the `client_id` to authenticate with th In addition to creating and managing OAuth service accounts through the API, you can create OAuth-based service accounts through the Web UI. The steps follow. {% hint style="info" %} -Note: you cannot modify the lifetime of an OAuth service account through the UI, but you can perform this action through the API. +You cannot modify the lifetime of an OAuth service account through the UI, but you can perform this action through the API. {% endhint %} 1. In the Group settings section, select **Service Accounts**. @@ -45,10 +45,10 @@ Note: you cannot modify the lifetime of an OAuth service account through the UI, 3. Select the **OAuth 2.0 client credentials** radio button and click the **Create service account** button.

OAuth 2.0 client credentials

-4. A window opens, showing your **Client ID** and **Client secret**. Note these credentials and copy them, as you will not be able to retrieve them in the future. After you have copied the credentials to a safe location, click **Close window**. -5. Your service account will be listed in the service accounts in your Group. +4. A window opens, showing your **Client ID** and **Client secret**. Note these credentials and copy them, as you cannot retrieve them in the future. After you have copied the credentials to a safe location, click **Close window**. +5. Your service account is listed in the service accounts in your Group. -

Service account listed for your Gorup

+

Service account listed for your Group

## Delete an OAuth-based service account through the UI @@ -59,9 +59,9 @@ Note: you cannot modify the lifetime of an OAuth service account through the UI, 3. A window opens with the prompt **Are you sure you want to delete this service account?** To delete the service account, click the **Delete service account** button. -

Confirmation screen to keep service account or delete sevice account

+

Confirmation screen to keep service account or delete service account

-Your service account has been deleted. +Your service account is deleted. ## OAuth 2.0 with Private Key JWT @@ -92,10 +92,10 @@ The JWT should include the [claims](https://datatracker.ietf.org/doc/html/rfc751 ### Retrieve a Private Key JWT access token -After the service account is created and signed JWT is prepared, you can retrieve an `access_token` using the [Snyk OAuth 2.0 access token endpoint](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/oauth2-api#token). This access token can be used the same way as a Snyk API key would be used. The request body should include the following: +After the service account is created and signed JWT is prepared, you can retrieve an `access_token` using the [Snyk OAuth 2.0 access token endpoint](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/oauth2-api#token). You can use this access token the same way as a Snyk API key. The request body should include the following: * `grant_type: client_credentials` * `client_assertion_type: private_key_jwt` * `client_assertion:` `` -The `access_token` has a short time to live and must be refreshed once it expires. Many OAuth 2.0 libraries are available that will greatly simplify this process. +The `access_token` has a short time to live and must be refreshed after it expires. Many OAuth 2.0 libraries are available that greatly simplify this process. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md index c5a181ee3208..15ab1f3804f0 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md @@ -4,7 +4,7 @@ Contact your Snyk account team or Snyk Support to turn on custom mapping once you have completed the setup steps. {% endhint %} -Determine how new users in your company will get access to Snyk: +Determine how new users in your company get access to Snyk: * [Open to all](choose-a-provisioning-option.md#open-to-all) * [Invitation required](choose-a-provisioning-option.md#invitation-required) @@ -12,9 +12,9 @@ Determine how new users in your company will get access to Snyk: ## Open to all -With the Open option, all users have automatic access to Snyk by using SSO to log in. They will have access to all Organizations in your selected Group. Their accounts will all be provisioned with the same role, with two options: +With the Open option, all users have automatic access to Snyk by using SSO to log in. They have access to all Organizations in your selected Group. Snyk provisions all their accounts with the same role, with two options: -* The **Org** **administrator** role allows all new users to manage other Org admins and collaborators, view Group reports, and work with Organizations within the Group as well as perform non-administrative tasks in the Organization. +* The **Org** **administrator** role lets all new users manage other Org admins and collaborators, view Group reports, and work with Organizations in the Group as well as perform non-administrative tasks in the Organization. * The **Org** **collaborator** role can perform non-administrative tasks in the Organization. Let Snyk Support know whether new users will have the administrator role or the collaborator role for the Organization. The selected role applies for all users. For details, see [Pre-defined roles](../../../snyk-platform-administration/user-roles/pre-defined-roles.md). @@ -25,7 +25,7 @@ With the invitation required or Group Member option, admins can invite users or There are two ways to invite users to Organizations. Invite members (see [Manage users in Organizations](../../../snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md)) or automate the process using the Snyk [API Invite users endpoint](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-invite). -If users who have not been invited use SSO to log in, they will gain access to Snyk, but they will not see any Projects until an admin invites them or manually adds them to the applicable Organizations. You can provide a list of Organizations with the appropriate contact person so that new users can [request access](../../../snyk-platform-administration/groups-and-organizations/organizations/requests-for-access-to-an-organization.md). +If users who have not been invited use SSO to log in, they gain access to Snyk, but they do not see any Projects until an admin invites them or manually adds them to the applicable Organizations. You can provide a list of Organizations with the appropriate contact person so that new users can [request access](../../../snyk-platform-administration/groups-and-organizations/organizations/requests-for-access-to-an-organization.md). ## Custom mapping diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md index 905a44b51981..139440e9aab7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md @@ -24,7 +24,7 @@ The process of establishing trust between your identity provider (IdP) and Snyk {% hint style="info" %} After SSO is configured both from Snyk and your company's network, a trust relationship is established with Snyk, Auth0 (on behalf of Snyk), and your network. Any sensitive data is encrypted and stored in Auth0 only for the purposes of enabling user logins. -Although not all the examples following this page cover verifying the Snyk signature, it is recommended that you improve the trust relationship and ensure integrity even further. Follow your respective IdP's documentation to add SP signature verification where possible. +Although not all the examples following this page cover verifying the Snyk signature, Snyk recommends that you improve the trust relationship and ensure integrity even further. Follow your respective IdP's documentation to add SP signature verification where possible. {% endhint %} ## **User login** @@ -42,7 +42,7 @@ Users are [provisioned ](../choose-a-provisioning-option.md)to Snyk when they lo ### **Configuring Snyk** -1. In Step 2 of the SSO settings page in the Snyk web UI, enter the details collected from the IdP by providing the sign in URL, sign out URL if available and desired, the IdP signing certificate and domains and subdomains that will be served over the SSO connection. +1. In Step 2 of the SSO settings page in the Snyk web UI, enter the details collected from the IdP by providing the sign in URL, sign out URL if available and desired, the IdP signing certificate and domains and subdomains that are served over the SSO connection. 2. In case the connection requires HTTP-Redirect protocol binding, change that option from the default HTTP-POST. 3. Finally, verify if an IdP-initiated workflow should be enabled and then select **Create Connection** or **Save changes** if you are modifying an existing connection**.** diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md index f2d85f40c275..9462bce45fe9 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md @@ -57,4 +57,4 @@ If you wish to add signature verification of the incoming Snyk request: 1. Download the **Signing certificate** at step 1 of the Snyk SSO settings. 2. Use the following openssl command to convert it to .cer-format `openssl x509 -outform DER -in snyk.pem -out snyk.cer` 3. At the bottom of the **SAML Certificates** settings of your SSO app in Active Directory, click **Edit** next to **Verification certificates.** -4. Check **Require verification certificates** and upload the certificate from the output of the above openssl command and click **Save**. +4. Check **Require verification certificates** and upload the certificate from the output of the preceding openssl command and click **Save**. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md index 7dbad7bd4643..6bb1bc74a9d5 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md @@ -1,6 +1,6 @@ # Google Workspace setup -This example shows setting up an Google Workspace SAML application and connecting it to Snyk to facilitate SSO. +This example shows setting up a Google Workspace SAML application and connecting it to Snyk to facilitate SSO. For details in addition to the information provided on this page, see [Set up your own custom SAML app](https://support.google.com/a/answer/6087519). @@ -18,11 +18,11 @@ Start by logging into the Google Workspace [admin area](https://admin.google.com 4. Download the certificate and open it in your preferred text editor.
Download signing certificate

Download signing certificate

-5. Navigate to the Snyk portal, login and from the drop down at the top left select **GROUP OVERVIEW** and then the cog wheel (top right corner) to get to your group settings. +5. Navigate to the Snyk portal, log in, and from the dropdown at the top left select **GROUP OVERVIEW** and then the cog wheel (top right corner) to get to your group settings.
Open group view in Snyk

Open group view in Snyk

6. Click on **SSO**, scroll down to step 2, and paste the Google SSO URL from step 4 into **Sign in URL** and the certificate in your text editor into **X509 signing certificate**.\ - Add the domain name(s) you are configuring this connection for in **Email domains and subdomains that need SSO access**.\ + Add the domain names you are configuring this connection for in **Email domains and subdomains that need SSO access**.\ Verify if an **IdP-initiated workflow** should be enabled and then save your modifications
Enter details from Google Workspace

Enter details from Google Workspace

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/okta-saml-application-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/okta-saml-application-setup.md index 3acf4ff098eb..a6f26b0a84a7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/okta-saml-application-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/okta-saml-application-setup.md @@ -2,7 +2,7 @@ This example shows setting up an Okta SAML application and connecting this to Snyk to facilitate SSO. To configure your Okta to use SSO with Snyk, you need an entity ID and a reply URL (Assertion Consumer Service URL) from Snyk. -1. From the drop-down at the top left select **GROUP OVERVIEW** and then the cog wheel (top right corner) to get to your group settings. +1. From the dropdown at the top left select **GROUP OVERVIEW** and then the cog wheel (top right corner) to get to your group settings.
Select group overview

Select group overview

2. Click on **SSO** and copy the values under **Entity ID** and **ACS URL** or leave the browser tab open for easy access. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md index 1a60894b2c9a..09718effc6d0 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md @@ -1,4 +1,4 @@ -# OneLogin SAML Application setup +# OneLogin SAML application setup This example shows setting up a SAML application in OneLogin and connecting this to Snyk to facilitate SSO. To configure your OneLogin to use SSO with Snyk, start by obtaining an entity ID and a reply URL (Assertion Consumer Service URL) from Snyk. @@ -14,7 +14,7 @@ This example shows setting up a SAML application in OneLogin and connecting this 4\. Filter by “saml” and select the **SAML Custom Connector (Advanced)** app. -
Select SAML Cusotm Connector (Advanced) app

Select SAML Cusotm Connector (Advanced) app

+
Select SAML Custom Connector (Advanced) app

Select SAML Cusotm Connector (Advanced) app

5\. Enter a **Display Name** for the app, for example, Snyk. Optionally, pick an icon. You can find the Snyk logo on Snyk’s [press kit](https://snyk.io/press-kit/) page. @@ -34,7 +34,7 @@ For the **Field name**, use **email**. Make sure the checkbox **Include in SAML On the next screen, select **Email** in the **Value** dropdown list. **Save**. -
Select Email form the value dropdown

Select Email form the value dropdown

+
Select Email from the value dropdown

Select Email form the value dropdown

Repeat the same steps for the **name** attribute. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md index e390fa7d319b..94c4e55c9c8f 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md @@ -25,7 +25,7 @@ Before configuring your Ping Identity Application to use SSO with Snyk, obtain a 7. Scroll further down and copy the **Single Signon Service** details.
Copy the Single Signon Service details

Copy the Single Signon Service details

-8. Return to the the Snyk portal and paste the single sign-in URL copied at step 2 into the **Sign in URL** field. \\ +8. Return to the Snyk portal and paste the single sign-in URL copied at step 2 into the **Sign in URL** field. \\
Paste Sign in URL

Paste Sign in URL

9. Open the downloaded certificate in your preferred text editor, copy the text and paste it into the Snyk **X509 signing certificate** field, and add the relevant domains that are supported by this SSO connection.\ @@ -34,7 +34,7 @@ Before configuring your Ping Identity Application to use SSO with Snyk, obtain a
Enter the Ping Identity details

Enter the Ping Identity details

10. In Ping Identity, select **Attribute mappings** and click the pencil to edit. -
Edit attribue mappings

Edit attribue mappings

+
Edit attribute mappings

Edit attribue mappings

11. Click the cog icon and add the following attributes: **email**: Email Address\ diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md index 33faa12676ce..81fb2cc55995 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md @@ -1,6 +1,6 @@ # Custom mapping -Custom mapping allows you to dynamically assign users to your Snyk Groups and Organizations based on data provided by your Identity Provider (IdP), in order to implement a scaled user provisioning and access model. +Custom mapping lets you dynamically assign users to your Snyk Groups and Organizations based on data provided by your Identity Provider (IdP), to implement a scaled user provisioning and access model. {% hint style="warning" %} Contact your Snyk account team or Snyk Support to turn on custom mapping once you have completed the setup steps. @@ -38,8 +38,8 @@ Role assertions should be provided to Snyk in the following format: Where: * `snyk` is a fixed prefix for role mapping. **Required**. -* `scope` can be one of `org`, `group`, or `tenant`. **Required**; if a role mapping does not contain a valid scope, it will be ignored. -* `target` can be a slug of an `org`, `group`, or `tenant` where the role will be granted. See [slugs](./#slugs) for more information. +* `scope` can be one of `org`, `group`, or `tenant`. **Required**; if a role mapping does not contain a valid scope, Snyk ignores it. +* `target` can be a slug of an `org`, `group`, or `tenant` where the role is granted. See [slugs](./#slugs) for more information. * **Optional**; may be an asterisk `*` or empty string `::`to apply as a [wildcard](./#wildcards) for all resources within the defined `scope` that are associated with the SSO connection. * **Optional**; an asterisk ( `*`) or an empty string can be used to apply to all resources **t**hat are associated with the SSO connection. * `role` is the normalized name of the required role. **Required**; if no role is present, the role mapping is ignored. See [Role normalized name](./#role-normalized-name) to find this information. @@ -54,20 +54,20 @@ Users must only have one role mapped per Organization, Group or Tenant. Mapping All users with any memberships within a Tenant must have a Tenant membership. If a user has a membership of an Organization, they must also have a Group Membership. -If only an Organization-level role assertion is provided for a given user, for example, then the user will automatically be assigned the **Tenant Member** and **Group Member** roles. These automatic assignments can be overridden by providing role assertions at the Group or Tenant level. +If only an Organization-level role assertion is provided for a given user, for example, then Snyk automatically assigns the user the **Tenant Member** and **Group Member** roles. You can override these automatic assignments by providing role assertions at the Group or Tenant level. Snyk recommends providing explicit Tenant level and Group level role assertions where needed, to ensure that users have the correct role on login. {% hint style="info" %} -An SSO connection may only be associated with one Tenant, and all users with any memberships within a tenant must also have a Tenant Membership. +An SSO connection can only be associated with one Tenant, and all users with any memberships in a tenant must also have a Tenant Membership. -Therefore, it may be easier to assign Tenant-level roles by using the wildcard syntax (see example below), since the SSO is only linked to the one Tenant. +Therefore, it may be easier to assign Tenant-level roles by using the wildcard syntax, since the SSO is only linked to the one Tenant. {% endhint %} ### Example role assertions -* `snyk:group:*:group_admin` Assigns the user the Group admin role for all groups associated with the SSO connection. -* `snyk:group::custom:sysadmin` Assigns the user the custom Group-level role `Sys Admin` for all groups associated with the SSO connection. +* `snyk:group:*:group_admin` Assigns the user the Group admin role for all Groups associated with the SSO connection. +* `snyk:group::custom:sysadmin` Assigns the user the custom Group-level role `Sys Admin` for all Groups associated with the SSO connection. * Note that `::` here indicates an empty string for the target, and so is treated as a wildcard in the preceding example. * Note that this Group-level custom role must be created manually before it can be assigned. * `snyk:org:my-default-org:org_admin` Assigns the user the **Organization Admin** Organization-level role for the Organization `my-default-org`. @@ -97,9 +97,9 @@ snyk:org:test-org-N58YhztauHcaMiNfvi5fbL:custom:developer_readonly" ``` {% endhint %} -These assertions will assign the user: +These assertions assign the user: -* The pre-defined Group-level role **Group Viewer** for all groups in the SSO. See [pre-defined roles](../../../../snyk-platform-administration/user-roles/pre-defined-roles.md) for the permission this grants +* The pre-defined Group-level role **Group Viewer** for all Groups in the SSO. See [pre-defined roles](../../../../snyk-platform-administration/user-roles/pre-defined-roles.md) for the permission this grants * The pre-defined Organization-level role **Organization Admin** for the Organization with the name **Development**. * The custom Organization-level role **Developer ReadOnly** for the Organization with the name **Test Org**, which has the slug `test-org-N58YhztauHcaMiNfvi5fbL`. @@ -116,11 +116,11 @@ roles: [ ] ``` -These role assertions will: +These role assertions: * Grant the user the pre-defined Organization-level role **Organization Admin** in the **Development** Organization. -* Grant the user the custom Organization-level role **Developer ReadOnly** on all other organizations within the SSO connection. -* Grant the user the pre-defined Group-level role **Group Member** on all groups in the SSO connection. For more details, see the note that follows. +* Grant the user the custom Organization-level role **Developer ReadOnly** on all other Organizations in the SSO connection. +* Grant the user the pre-defined Group-level role **Group Member** on all Groups in the SSO connection. For more details, see the note that follows. {% hint style="info" %} Any user that is granted a role in an Organization within the SSO without an explicit Group-level role in the role assertion, will also be implicitly assigned the **Group Member** Group-level role for that Group. This is the pre-defined Group-level role with the fewest permissions and ensures that the user becomes a member of the Group. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md index 0ae43b6c72bf..8433fd68a5de 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md @@ -1,6 +1,6 @@ # Examples: setting up custom mapping for IdPs -The following examples of how to set up a custom mapping for various identify providers are available here: +The following examples show how to set up a custom mapping for various identity providers: * [Example: Setting up custom mapping for Okta](example-setting-up-custom-mapping-for-okta.md) * [Example: Setting up custom mapping for Entra ID](example-setting-up-custom-mapping-for-entra-id.md) diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md index 4f5372214434..f4aa5a27001e 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md @@ -1,6 +1,6 @@ # Example: setting up custom mapping for an Okta OIDC app -Follow these steps configure an integration for OIDC Okta. +Follow these steps to configure an integration for OIDC Okta. ## Create an Okta OIDC app @@ -15,11 +15,11 @@ Follow these steps configure an integration for OIDC Okta. * If you are not using the Implicit Grant type, the client secret 4. Also, share with Snyk the Issuer URL/domain. This is typically the URL you find in your browser address bar without "-admin", for example, https://customer.example.okta.com. It can also be found under the **Sign-On** tab of your application by editing the **OpenID Connect ID Token** from **Dynamic** Issuer to **Okta URL**. -If you wish to set up custom mapping, move on to the next section of this guide. +To set up custom mapping, continue to the next section. ## Add custom mapping -[Custom mapping](../) for an OIDC application in Okta is easily managed through custom attributes on the Group level. +Manage [custom mapping](../) for an OIDC application in Okta through custom attributes at the Group level. ### Create a custom app user attribute to contain both the Snyk Organization name and role @@ -38,10 +38,10 @@ If you wish to set up custom mapping, move on to the next section of this guide. ### Assign the attribute to the relevant Okta groups 1. On the main page of Okta select **Directory** > **Groups**. -2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk OIDC app,. Then click on the pencil next to the displayed Snyk OIDC app. +2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk OIDC app. Then click the pencil next to the displayed Snyk OIDC app.
Group selected for modicification

Group selected for modicification

-3. In the **Edit App Assignment** dialog, add the Snyk org name + role associated with your Okta group (no spaces or capital letter(s)), following the syntax explained in [custom mapping](../) (or [legacy custom mapping](../legacy-custom-mapping.md) if using the legacy mapping option). Example, `snyk:org:*:org_admin`.\\ +3. In the **Edit App Assignment** dialog, add the Snyk org name + role associated with your Okta group (no spaces or capital letters), following the syntax explained in [custom mapping](../) (or [legacy custom mapping](../legacy-custom-mapping.md) if using the legacy mapping option). Example, `snyk:org:*:org_admin`.\\
Adding Snyk roles

Adding Snyk roles

4. Repeat the preceding steps for all your applicable Okta groups to assign the org name and role combination to each user within each configured group. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-entra-id.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-entra-id.md index f359cee9f228..38c5bf5a655e 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-entra-id.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-entra-id.md @@ -1,6 +1,6 @@ # Example: setting up custom mapping for Entra ID -The following information shows how to configure the custom mapping of roles for Entra ID (formerly Azure AD). +This page shows how to configure the custom mapping of roles for Entra ID (formerly Azure AD). {% hint style="info" %} See the [Entra ID Enterprise Application example](../../configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md) for guidance setting up the initial Enterprise application. @@ -14,7 +14,7 @@ The following are the prerequisites for configuring app roles: * If you select SAML, there is a requirement to add a custom claim; the step to do that is in these instructions. * You must have an existing Azure Enterprise application and app registration connected to that SSO configuration. -The **steps** in **configuring App role**s follow. +To configure app roles, follow these steps. 1. In your App registration menu, select the name of your Enterprise Application. @@ -39,9 +39,9 @@ The **steps** in **configuring App role**s follow. 6. Select **Users and groups**; from the dropdown, select a role and select **Assign**.\\
Add assignment

Add assignment

-7. Repeat for all required groups and roles that should be assigned. Then verify that the list looks similar to this.\\ +7. Repeat for all required groups and roles. Then verify that the list looks similar to this.\\ - Note that it is also possible to add multiple Snyk roles to one App role, as the payload can be interpreted as a comma-separated string. However, this can not be used in conjunction with multiple App roles, as only one syntax will be respected (string or array). + You can also add multiple Snyk roles to one App role, as the payload can be interpreted as a comma-separated string. However, you cannot use this with multiple App roles, as Snyk respects only one syntax (string or array).
Users and group list

Users and group list

8. If you have configured a SAML connection, add a custom claim to pass the roles array in the SAML payload to Snyk. Select **Single sign-on** in the left-hand menu. @@ -59,4 +59,4 @@ Ensure you add the claim correctly. If you do not add it or you do it incorrectl
Custom claim

Custom claim

-When you have completed these steps, reach out to your Snyk point of contact to have the configuration completed. +After you complete these steps, contact your Snyk point of contact to complete the configuration. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md index 01f6215bbe51..f0b0fa782327 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md @@ -1,10 +1,10 @@ # Example: setting up custom mapping for Google Workspace -The following shows how to use [custom mapping](../) to map roles for a Google Workspace custom SAML connection. +This page shows how to use [custom mapping](../) to map roles for a Google Workspace custom SAML connection. For additional details and guidance, see the [Google documentation, Manage Custom User Fields](https://developers.google.com/admin-sdk/directory/v1/guides/manage-schemas). -To use the API, either log in to your Google Workspace admin area and from there execute the commands that follow , or for flexibility and automation, use the API with your preferred API client or script. To generate API credentials, refer to the Google documentation, [Create access credentials](https://developers.google.com/workspace/guides/create-credentials). +To use the API, either log in to your Google Workspace admin area and run the commands that follow, or, for flexibility and automation, use the API with your preferred API client or script. To generate API credentials, refer to the Google documentation, [Create access credentials](https://developers.google.com/workspace/guides/create-credentials). ## Add a user schema @@ -54,10 +54,11 @@ To expose these roles in the SAML payload, you must modify the attributes in the 1. Log in to your Google Workspace Admin area and go to **Apps** and then **Web and mobile apps** and open your application.
Open Google SAML app

Open Google SAML app

-2. Click on **SAML attribute mapping** and then **ADD MAPPING**. +2. Click **SAML attribute mapping** and then **ADD MAPPING**. 3. Click **Select field** and scroll to the bottom until you find **Snyk-SSO - roles** and select it. 4. In the **App attributes** value field, enter **roles** and click **Save**.
Adding custom mapping app attribute

Adding custom mapping app attribute

After this, log in as a user and have your Snyk contact validate the SAML payload and finalize the setup in the Snyk backend. + diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md index dac9d1ab8c63..17bd14285eb5 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md @@ -1,12 +1,12 @@ # Example: setting up custom mapping for Okta -The following shows two different options for custom mapping of Okta roles, using [Legacy custom mapping](../legacy-custom-mapping.md). +This page shows two different options for custom mapping of Okta roles, using [legacy custom mapping](../legacy-custom-mapping.md). {% hint style="info" %} For both of these options to work, the Snyk SSO application must be assigned at the group level, not the user level. {% endhint %} -## Option 1: Assign Custom Mapping with Groups +## Option 1: Assign custom mapping with Groups In this configuration: @@ -38,13 +38,13 @@ When you look at a user's Application assignment it should look similar to the i ### Assign the attribute to the relevant Okta groups 1. On the main page of Okta select **Directory** > **Groups**. -2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk SSO app,. Then click on the pencil next to the displayed Snyk SSO app. -3. In the **Edit App Assignment** dialog, add the Snyk Organization slug, and the Organization role name associated with your Okta group (no spaces or capital letters), following the syntax explained in [custom mapping ](../)(or see [legacy custom mapping](../legacy-custom-mapping.md) if you are using that option). +2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk SSO app. Then click the pencil next to the displayed Snyk SSO app. +3. In the **Edit App Assignment** dialog, add the Snyk Organization slug and the Organization role name associated with your Okta group (no spaces or capital letters), following the syntax explained in [custom mapping ](../)(or see [legacy custom mapping](../legacy-custom-mapping.md) if you are using that option). 4. Repeat the preceding steps for all your applicable Okta groups to assign the org name and role combination to each user within each configured group. ### Construct a value expression that creates a roles array to be sent to Snyk -1. Navigate to **Applications** > **Applications** and click on the **Snyk app** you configured. +1. Navigate to **Applications** > **Applications** and click the **Snyk app** you configured. 2. Select **General Tab** > **Edit SAML Settings** and click **next** to go to the **Configure SAML** step. 3. Add an **Attribute Statement** named “roles” of an unspecified type. 4. Select **Attribute Statements** and set **roles** as the **Name** field with **Name format** **Unspecified** and the **Value** in the following expression: @@ -53,16 +53,16 @@ When you look at a user's Application assignment it should look similar to the i 5. Reach out to your Snyk point of contact so they can complete the configuration. {% hint style="info" %} -If your Snyk representative lets you know that `Arrays.flatten(appuser.snyk_orgs)` is sent to Snyk, instead of the actual roles value(s), you must verify that the App is assigned at the Group level and not the user level. If both user and Group have been assigned, the individual assignment will take precedence, and the roles assignment will not work. Remove the individual assignment if this is the case. +If your Snyk representative lets you know that `Arrays.flatten(appuser.snyk_orgs)` is sent to Snyk, instead of the actual roles values, you must verify that the App is assigned at the Group level and not the user level. If both user and Group are assigned, the individual assignment takes precedence, and the roles assignment does not work. Remove the individual assignment if this is the case. {% endhint %} ## Option 2: Assign custom mapping with user roles -The following describes Custom Mapping with user roles. +The following describes custom mapping with user roles. {% hint style="warning" %} -These instructions show how to map roles using the [legacy custom mapping](../legacy-custom-mapping.md) option. To use Custom mapping, [option 1](example-setting-up-custom-mapping-for-okta.md#option-1-assign-custom-mapping-with-groups) is recommended.\ -Reach out to your Snyk point of contact if you have any questions +These instructions show how to map roles using the [legacy custom mapping](../legacy-custom-mapping.md) option. To use custom mapping, [option 1](example-setting-up-custom-mapping-for-okta.md#option-1-assign-custom-mapping-with-groups) is recommended.\ +Reach out to your Snyk point of contact if you have any questions. {% endhint %} * Okta groups are mapped to Snyk Organizations. @@ -87,7 +87,7 @@ When your Snyk Groups and users have been set up, follow these steps: **Display name**: Snyk Orgs\ **Variable name**: snyk\_orgs\ **Group Priority**: Combine values across groups -4. select **Save and Add Another**. +4. Select **Save and Add Another**. ### Create a second app attribute that contains roles @@ -106,24 +106,24 @@ When your Snyk Groups and users have been set up, follow these steps: ### Assign the first attribute to your Okta groups 1. On the main page of Okta select **Directory > Groups**. -2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application i**f not already assigned, and choose your Snyk SSO app. Then click on the pencil next to the displayed Snyk app. -3. In **Edit App Assignment** dialog, add the Snyk Organization name to associate with your Okta group (no spaces or capital letter(s)). +2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk SSO app. Then click the pencil next to the displayed Snyk app. +3. In **Edit App Assignment** dialog, add the Snyk Organization name to associate with your Okta group (no spaces or capital letters). 4. Repeat the preceding steps to assign the Snyk app to all your applicable Okta groups, modifying the Snyk Organization name as needed. ### Assign the second attribute to your users 1. On the main page of Okta select **Directory** > **People.** -2. Select a **User,** navigate to the **Applications** tab, and click on the pencil next to the application. +2. Select a **User,** navigate to the **Applications** tab, and click the pencil next to the application. 3. Select the right user type in group (user role): **Collaborator**, **Admin**, or **Group Admin**. ### Construct a value expression that concatenates these two attributes into string values in a roles array to be sent to Snyk -1. Navigate to **Applications** > **Applications** and click on the **Snyk app** you configured. +1. Navigate to **Applications** > **Applications** and click the **Snyk app** you configured. 2. Select **General Tab** > **SAML Settings** > **Edit** and click **next** to go to the Configure SAML step. 3. Select **Attribute Statements** and add an attribute named **roles** with **Name format** **Unspecified** and the **Value** in the following expression:\ `appuser.user_role == "groupadmin" ? "snyk-groupadmin" : Arrays.flatten(String.replace(String.replace(String.append("snyk-",String.append(Arrays.toCsvString(appuser.snyk_orgs),"-"+appuser.user_role)),",",",snyk-"),",","-"+appuser.user_role+","))` 4. Click **Next** > **Finish.** -5. Reach out to your Snyk point of contact so they can complete the configuration. This process may take four to five days. +5. Reach out to your Snyk point of contact so they can complete the configuration. This process can take four to five days. The following explains the roles expression: diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md index 282eead8339b..91022978432f 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md @@ -4,14 +4,14 @@ This example shows how to configure user roles after you have [configured OneLog OneLogin has the concept of groups and roles. However, OneLogin does not support the assignment of multiple groups to a user. -Therefore, roles will be assigned to users directly instead of indirectly through groups. +Therefore, assign roles to users directly instead of indirectly through groups. -1. In OneLogin, go to the **Users** and then to the **Roles** section and create the roles following the naming convention outlined for [custom mapping](../). Each role should have the Snyk SAML app enabled as the role app.\ +1. In OneLogin, navigate to **Users** and then to the **Roles** section and create the roles following the naming convention outlined for [custom mapping](../). Each role must have the Snyk SAML app enabled as the role app.\ Assign the users to their roles as needed.
OneLogin Roles section

OneLogin Roles section

-2. To transfer the user roles in the SAML assertion to Snyk, go to **Applications**, select the Snyk SAML app, and select the **Parameters** section on the left.\\ +2. To transfer the user roles in the SAML assertion to Snyk, navigate to **Applications**, select the Snyk SAML app, and select the **Parameters** section.\\
OneLogin Applications Parameters

OneLogin Applications Parameters

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md index cb9d2ac85c0d..66dbdcca2bf3 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md @@ -1,6 +1,6 @@ # Example: setting up custom mapping for Ping Identity -This page explains how to configure the custom mapping of roles for Ping Identity using [Legacy custom mapping](../legacy-custom-mapping.md). +This page explains how to configure the custom mapping of roles for Ping Identity using [legacy custom mapping](../legacy-custom-mapping.md). {% hint style="info" %} This guide assumes your Ping Identity application is configured and functional. @@ -13,12 +13,12 @@ Any step on the Snyk side in setting up the Enterprise application must be perfo 1. In your application configuration, select **Attribute mappings** and click the pencil to edit the attributes.
Edit mapping attributes

Edit mapping attributes

-2. Select **+Add** and enter the following attribute, then save the change,\ +2. Select **+Add**, enter the following attribute, then save the change.\ **roles**: `Group Names`\\
Add roles array

Add roles array

-3. In the left menu, select **Identities/Groups** and add the Snyk Groups needed following the syntax explained on the [Cusom Mapping Option](../) page. +3. In the menu, select **Identities/Groups** and add the Snyk Groups needed following the syntax explained on the [custom mapping option](../) page.
Adding an example Group

Adding an example Group

-4. If you so not select a **Population** at the bottom of the previous screen, ensure that you assign the Group to the user(s) who should be part of the role assignment in Snyk. If you select a **Population**, all users in that population will inherit the permissions of the assigned Snyk role. +4. If you do not select a **Population** on the previous screen, ensure that you assign the Group to the users who should be part of the role assignment in Snyk. If you select a **Population**, all users in that population inherit the permissions of the assigned Snyk role. 5. To finalize the process, reach out to your Snyk contact to validate that the SAML payload contains the role array and to enable the custom mapping feature. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md index 56c030780ec2..d21e341e16dc 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md @@ -5,7 +5,7 @@ To configure this option, send the `roles` array within the SAML attributes or O snyk-groupadmin * This role mapping assigns users with the Group Admin role. -* **groupadmin** configures all users with this role as a Group Admin all Group(s) that the user is assigned to, which grants Organization Admin permissions to all Organizations that fall under the Group(s). +* **groupadmin** configures all users with this role as a Group Admin in all Groups that the user is assigned to, which grants Organization Admin permissions to all Organizations that fall under the Groups. snyk-groupviewer @@ -13,8 +13,8 @@ snyk-groupviewer snyk-{groupID} -* This role mapping assigns users with the Org Collaborator roles for all Organizations underneath the specified Group(s). -* **groupID** is the ID string for a group in Snyk. This can be found in the snyk URL at the Group level: `https://app.snyk.io/group/` or **Group dropdown -> Settings -> General -> Group ID**. +* This role mapping assigns users with the Org Collaborator roles for all Organizations underneath the specified Groups. +* **groupID** is the ID string for a Group in Snyk. You can find it in the Snyk URL at the Group level: `https://app.snyk.io/group/` or **Group dropdown -> Settings -> General -> Group ID**. snyk-{orgslug}-{role} @@ -34,12 +34,12 @@ Users must only have one role mapped per Organization. Mapping multiple roles fo ### Tenant-level role assertions {% hint style="info" %} -With the introduction of Tenants, Snyk has added new possible role assertions at a Tenant level, enabling customers to assign Tenant-level roles. +With the introduction of Tenants, Snyk has added new possible role assertions at a Tenant level, letting customers assign Tenant-level roles. {% endhint %} The following role mappings assign users a tenant role. -Only one Tenant-Level assertion may be provided for each user. If no Tenant-level assertion is provided, the user will be granted the **Tenant Member** role if they do not already have a Tenant-level membership. +You can provide only one Tenant-level assertion for each user. If you provide no Tenant-level assertion, the user receives the **Tenant Member** role if they do not already have a Tenant-level membership. snyk-tenantadmin @@ -132,7 +132,7 @@ The following example shows how to assign roles to Snyk users under the mapping * The Business Development team needs access to the ABC group and only the Partner-Plugins Organization as Org Admin. * Engineering needs access to the ABC Group, the Application-SecurityScanner1 Organization as Org Admin, Partner-Plugins Organization as Org Admin, and Application-Payments as Org Collaborator. * Security needs access to the ABC group as Group Admin and all three organizations as Org Admin. - * The Product team needs access to the ABC group and all three organizations as Org Collaborator, + * The Product team needs access to the ABC group and all three organizations as Org Collaborator. For the Business Development Team, Snyk uses the snyk-{orgslug}-{role} mapping: @@ -166,7 +166,7 @@ For the Security Team, Snyk uses the snyk-groupadmin mapping: } ``` -For the Product Team, Snyk uses the snyk-{groupID} mapping, where the value of groupID must be inserted; +For the Product Team, Snyk uses the snyk-{groupID} mapping, where you must insert the value of groupID: ``` { diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/identity-provider-idp-migration.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/identity-provider-idp-migration.md index f181c240fb40..c00d0ce7efe2 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/identity-provider-idp-migration.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/identity-provider-idp-migration.md @@ -10,4 +10,4 @@ To migrate identity providers: To prevent new users from being created within Snyk, you must maintain your SAML protocol and use both the same Entity ID and ACS URL. If you are changing SAML protocols, [contact Snyk Support](https://support.snyk.io). -After you have done this, the Support team will contact you and confirm the updated metadata has granted access through the new IdP. +After you have done this, the Support team contacts you and confirms the updated metadata has granted access through the new IdP. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md index acfc13c7b949..fc18a3b418cf 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md @@ -1,10 +1,10 @@ # Set up Snyk Single Sign-On (SSO) -Set up Single Sign-On (SSO) to allow your developers and teams easy access to Snyk through your existing SSO provider. +Set up Single Sign-On (SSO) to give your developers and teams access to Snyk through your existing SSO provider. The information you need to establish trust between Snyk and the identity provider depends on which type of SSO you are using. -Ensure you have at least one Group and Organization to indicate where new users will be assigned. For details, see [Manage Groups and Organizations](../../../snyk-platform-administration/groups-and-organizations/). +Ensure you have at least one Group and Organization to indicate where Snyk assigns new users. For details, see [Manage Groups and Organizations](../../../snyk-platform-administration/groups-and-organizations/). {% hint style="info" %} After you gather the needed information identified in the following sections, create a support ticket to request SSO setup. @@ -22,7 +22,7 @@ The process of establishing trust between your identity provider (IdP) and Snyk * Use the link provided by Snyk to generate a payload. * After Snyk finalizes the connection, confirm the login process is working correctly. -Users are provisioned to Snyk when they log in. If an invitation is required, users may only see a list of your Organizations until the admin adds them to the appropriate Organizations. +Snyk provisions users when they log in. If an invitation is required, users see only a list of your Organizations until the admin adds them to the appropriate Organizations. After SSO is configured both from Snyk and your company's network, a trust relationship is established with Snyk, Auth0 (on behalf of Snyk), and your network. Any sensitive data is encrypted and stored in Auth0 only for the purposes of enabling user logins. @@ -172,7 +172,7 @@ To complete your login: ## Resources for SSO setup -These worksheets include the information to enter in your Identity provider and the information you need to collect before submitting a ticket to Snyk Support to request single sign-on. Please make sure you replace any Snyk URL with the correct regional environment per the tables above. +These worksheets include the information to enter in your Identity provider and the information you need to collect before submitting a ticket to Snyk Support to request single sign-on. Ensure you replace any Snyk URL with the correct regional environment per the preceding tables. {% file src="../../../.gitbook/assets/SSO Azure Worksheet (3).pdf" %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/README.md index 196ee3c655a3..4b342b84ceb7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/README.md @@ -6,7 +6,7 @@ Snyk Broker is available only for Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -Snyk Broker is an open-source tool that acts as a proxy between Snyk and source integrations, allowing for access by [snyk.io](http://snyk.io/) to scan your code and return results to you. The Broker allows Snyk to connect to remote resources in private repositories, leaving credentials inside the customer's network. +Snyk Broker is an open-source tool that acts as a proxy between Snyk and source integrations, letting [snyk.io](http://snyk.io/) access and scan your code and return results to you. The Broker lets Snyk connect to remote resources in private repositories, leaving credentials inside the customer's network. The diagram that follows illustrates the basic components. @@ -14,17 +14,17 @@ The diagram that follows illustrates the basic components. ## How Snyk Broker works -Snyk Broker includes a Server and a Client, the basic components that are the same across all integrations. The Broker Server runs on the Snyk SaaS backend and is provided by Snyk; no installation is required. You will install the Broker client and deploy it in your infrastructure. +Snyk Broker includes a Server and a Client, the basic components that are the same across all integrations. Snyk provides the Broker Server, which runs on the Snyk SaaS backend, so no installation is required. You install the Broker client and deploy it in your infrastructure. The Broker client and server act together, sending requests by proxy from [snyk.io](http://snyk.io/) to a repository or Jira, fetching the files needed for scanning from repositories and fetching results using webhooks posted by the SCM service. -The Broker client runs within your internal network, keeping sensitive data such as SCM tokens within the network perimeter. The Broker connection allows for scanning using only requests on an approved data list. This narrows the access permissions to the absolute minimum required for Snyk to monitor a repository. For more information, see [Approved data list for Snyk Broker](broker-inbound-and-outbound-connections-and-allowed-requests.md#approved-data-list-for-snyk-broker). +The Broker client runs within your internal network, keeping sensitive data such as SCM tokens within the network perimeter. The Broker connection allows scanning using only requests on an approved data list. This narrows the access permissions to the minimum required for Snyk to monitor a repository. For more information, see [Approved data list for Snyk Broker](broker-inbound-and-outbound-connections-and-allowed-requests.md#approved-data-list-for-snyk-broker). -Using Snyk Broker allows you to manage a fixed private IP for your integration that targets the Broker. +Using Snyk Broker, you can manage a fixed private IP for your integration that targets the Broker. All data, both in transit and at rest, is encrypted. There is no need to open incoming ports; the communication is initiated outbound. After the connection is initiated, the secure WebSocket connection is bidirectional between the Client and the Server. -SCM integrations with Broker Support Snyk Code, Open Source, Container, IaC, and Essentials. +SCM integrations with Broker support Snyk Code, Open Source, Container, IaC, and Essentials. ## Integrations supported by Snyk Broker diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/broker-inbound-and-outbound-connections-and-allowed-requests.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/broker-inbound-and-outbound-connections-and-allowed-requests.md index c62308db280f..0a66c1cd4bf9 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/broker-inbound-and-outbound-connections-and-allowed-requests.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/broker-inbound-and-outbound-connections-and-allowed-requests.md @@ -26,7 +26,7 @@ Thus you do not need to allow inbound connections to the Broker Client from Snyk ### Approved data list for Snyk Broker -The Broker Client maintains an approved data list for inbound and outbound requests. Only data on this approved list may be requested. This narrows the access permissions to the absolute minimum required for Snyk to monitor a repository. +The Broker Client maintains an approved data list for inbound and outbound requests. You can request only data on this approved list. This narrows the access permissions to the minimum required for Snyk to monitor a repository. ### Inbound requests allowed @@ -48,4 +48,4 @@ Webhook notifications are delivered to Snyk through the Broker Client only for e ### Default approved data list and `accept.json` file -On occasion, you may need to [add and configure an `accept.json`](classic-broker/snyk-broker-infrastructure-as-code-detection.md) file in your Broker deployment. Doing this will remove the ability to apply ACCEPT rules when starting the Broker. +On occasion, you might need to [add and configure an `accept.json`](classic-broker/snyk-broker-infrastructure-as-code-detection.md) file in your Broker deployment. Doing this removes the ability to apply ACCEPT rules when starting the Broker. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/clone-an-integration-across-your-snyk-organizations.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/clone-an-integration-across-your-snyk-organizations.md index 8b02740f5de1..25bac00f7f94 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/clone-an-integration-across-your-snyk-organizations.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/clone-an-integration-across-your-snyk-organizations.md @@ -4,7 +4,7 @@ You can choose to use the same brokered Git integration across multiple Organiza For example, you can integrate Snyk Organizations X, Y, and Z with your single Git repo X. -To clone Organization configurations, you must have teams and groups enabled. +To clone Organization configurations, you must have teams and Groups enabled. 1. From the **Organization** list, choose an Organization in the Group that you are working with.\ Choose Organization @@ -13,8 +13,8 @@ To clone Organization configurations, you must have teams and groups enabled.
Select +Create new Organization

Select +Create new Organization

3. In the next window, enter a name for your new Organization. 4. In the **Copy settings from an existing org** section, choose an Organization that you have already configured for the Broker token. -5. Review the summary of what will be copied across to the new Organization and click **Create organization** to confirm. +5. Review the summary of what Snyk copies to the new Organization and click **Create organization** to confirm. -
Review summary of what will be copied to the new Organization and Create

Review summary of what will be copied to the new Organization and Create

+
Review summary of what will be copied to the new Organization and Create

Review summary of what Snyk copies to the new Organization and Create

-The **Dashboard** for the Organization that you just created opens. The Broker integration is duplicated and set up, and the Broker token is identical to the token for the original Organization. +The **Dashboard** for the Organization that you created opens. The Broker integration is duplicated and set up, and the Broker token is identical to the token for the original Organization. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/README.md index e1998aed510d..3e85742059f7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/README.md @@ -7,14 +7,14 @@ Snyk Broker is an open-source tool that acts as a proxy between Snyk and special For comprehensive information about Snyk Broker, including how it works, how to deploy it, commit signing, upgrading, and troubleshooting, see the full [Snyk Broker user documentation](../../). {% hint style="info" %} -[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags will be enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. +[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags are enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. {% endhint %} ## **Deployment options**
Install Snyk Broker with the Broker Helm Chart. For details, see Install and configure Broker using Helm.install-and-configure-broker-using-helm.md
Install Snyk Broker using the Docker images provided by Snyk. For details, see Install and configure Broker using Docker.install-and-configure-broker-using-docker.md
-Alternatively, you can use the binaries available for [each Github release](https://github.com/snyk/broker/releases). However, this approach falls outside of Snyk product support and is made available only for specific use cases where containers cannot be used. The containerized version is strongly recommended. +Alternatively, you can use the binaries available for [each GitHub release](https://github.com/snyk/broker/releases). However, this approach falls outside of Snyk product support and is available only for specific use cases where you cannot use containers. The containerized version is strongly recommended. ## Additional information for developers diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md index df6bcbde39d4..007e241f3817 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md @@ -1,6 +1,6 @@ # Custom additional options for Broker Helm Chart installation -If you need to inject additional option(s) using environment variables, use the `override.yaml` value file to add any additional environment variable(s) you may need. +If you need to inject additional options using environment variables, use the `override.yaml` value file to add any additional environment variables you need. Adding the `--values override.yaml` will load those values into your deployment. For example: diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/deploying-multiple-brokers-in-the-same-namespace.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/deploying-multiple-brokers-in-the-same-namespace.md index 6684b0676cfb..8cd7cce2f283 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/deploying-multiple-brokers-in-the-same-namespace.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/deploying-multiple-brokers-in-the-same-namespace.md @@ -2,15 +2,15 @@ ## Helm chart versions 2.x.x -Helm chart versions 2.x.x automatically adds a suffix to all object name based on the release name. Simply use different release name for each broker you want to add into the same namespace. +Helm chart versions 2.x.x automatically add a suffix to all object names based on the release name. Use a different release name for each Broker you want to add to the same namespace. {% hint style="info" %} -For backward compatibility, 2.1.0 introduces a disableSuffixes flag to revert to the 1.x.x behavior listed below, by simply adding --set disableSuffixes=true or disableSuffixes=true in your values file. +For backward compatibility, 2.1.0 introduces a disableSuffixes flag to revert to the 1.x.x behavior listed in the following section. Add --set disableSuffixes=true or disableSuffixes=true in your values file. {% endhint %} ## Helm chart versions 1.x.x -To deploy an additional Broker into the same namespace as an existing broker, follow these examples. +To deploy an additional Broker into the same namespace as an existing Broker, follow these examples. ### Deploy with existing service account diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/image-repository-tab-and-image-pull-secret.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/image-repository-tab-and-image-pull-secret.md index 1bb819eb7371..14197f71dc01 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/image-repository-tab-and-image-pull-secret.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/image-repository-tab-and-image-pull-secret.md @@ -4,4 +4,4 @@ You can choose to use your own container registry and tag instead of the public If your container registry requires an image pull secret, you can specify an image secret. -Note that the Image Pull Secret is NOT created by the chart; rather, the image Pull Secret is expected to be present on your cluster. +Note that the chart does not create the Image Pull Secret. The Image Pull Secret must already be present on your cluster. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md index eeac859c9f9d..416669cde5d4 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md @@ -1,6 +1,6 @@ # Ingress options with Snyk Broker Helm installation -When you are setting up the Broker using Helm, you may need to configure the `brokerClientUrl` parameter. This parameter enables PR Checks if you are connecting to an SCM and enables connecting to Container Registries. +When you set up the Broker using Helm, you might need to configure the `brokerClientUrl` parameter. This parameter enables PR Checks if you connect to an SCM and lets you connect to Container Registries. For this connection to happen, there must be inbound connectivity from the SCM or Container Registry to the Broker. Kubernetes manages this inbound connectivity through ingress. @@ -8,7 +8,7 @@ Ingress is a way to route incoming network traffic to specific services in a Kub There are two options available for ingress traffic. By default, the pods are not accessible from outside the cluster. -To enable a load balancer, add the `--set service.=LoadBalancer`. Allowed values are `brokertype`, `crType`, and `caType`. Servicet ype refers to the type of Broker you are running. +To enable a load balancer, add the `--set service.=LoadBalancer`. Allowed values are `brokertype`, `crType`, and `caType`. Service type refers to the type of Broker you are running. Example for Github: diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/insecure-downstream-mode.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/insecure-downstream-mode.md index a534fe20d392..45a773cc4ac1 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/insecure-downstream-mode.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/insecure-downstream-mode.md @@ -2,20 +2,20 @@ description: Usage of this mode is discouraged. --- -# Insecure Downstream Mode +# Insecure downstream mode -In some situations, you may need to use only HTTP for your downstream connection. These cases are relatively infrequent and usually occur because of historical http-only setups. Snyk recommends upgrading to use HTTPS instead. +In some situations, you might need to use only HTTP for your downstream connection. These cases are infrequent and usually occur because of historical HTTP-only setups. Snyk recommends upgrading to use HTTPS instead. -In the cases where this is not possible in the near term, the insecure downstream mode introduces a way to force downstream requests to your SCM/JIRA/others to take place over HTTP instead of HTTPS. +If upgrading is not possible in the near term, the insecure downstream mode introduces a way to force downstream requests to your SCM, JIRA, or other service to take place over HTTP instead of HTTPS. -You should avoid using this mode in most cases; it is opt-in. It makes all requests go over HTTP, thus without the benefit of the safety of TLS encryption. This mode means all your credentials and data will appear unencrypted, which is tolerable only in tightly-secured networks. +In most cases, avoid this mode; it is opt-in. It makes all requests go over HTTP, without the benefit of TLS encryption. This mode means all your credentials and data appear unencrypted, which is tolerable only in tightly secured networks. Use the [Custom additional options for Broker Helm Chart installation](custom-additional-options-for-broker-helm-chart-installation.md) to inject this environment variable: `--set env[0].name=INSECURE_DOWNSTREAM --set env[0].value="true"` {% hint style="warning" %} -Using HTTP is highly insecure. Your data and credentials will transit in the clear over the network exchanges. +Using HTTP is highly insecure. Your data and credentials transit in the clear over the network exchanges. -Snyk is not responsible for any credential leaks that may occur as a result of the use of HTTP. +Snyk is not responsible for any credential leaks that occur as a result of the use of HTTP. {% endhint %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/kubernetes-secrets-and-helm-chart-installation.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/kubernetes-secrets-and-helm-chart-installation.md index 869ae17c7626..f2520d9762c3 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/kubernetes-secrets-and-helm-chart-installation.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/kubernetes-secrets-and-helm-chart-installation.md @@ -4,7 +4,7 @@ Beginning with version `2.8.0` of the Snyk Broker Helm Chart, external secrets a To enable this functionality, set `useExternalSecrets` to `true` in `values.yaml` or `--set externalSecrets=true`. -To obtain a list of required secrets, perform a dry run of a Helm installation. This will not make any changes to your Kubernetes environment, but does require the following: +To obtain a list of required secrets, perform a dry run of a Helm installation. This does not make any changes to your Kubernetes environment, but does require the following: ``` helm install snyk-broker-chart \ @@ -14,7 +14,7 @@ helm install snyk-broker-chart \ --dry-run=client ``` -A list of secrets with their expected names and values will be generated. The following example uses `scmType=nexus` : +Snyk generates a list of secrets with their expected names and values. The following example uses `scmType=nexus`: ``` ### Secret Creation Disabled ### @@ -28,7 +28,7 @@ Ensure secrets are present on your cluster in the default namespace: -> nexus-broker-client-validation-url-snyk-broker-chart:nexus-broker-client-validation-url ``` -In this example, four secrets must exist within the same namespace to which the Broker will be installed, each containing one key-value pair. Any values that are shown in `<>` characters are indicators to add your own secret data. +In this example, four secrets must exist in the same namespace to which the Broker is installed, each containing one key-value pair. Any values shown in `<>` characters are indicators to add your own secret data. ## Renaming secrets and keys @@ -64,16 +64,16 @@ brokerTokenSecret: key: org-x-broker-token ``` -The Helm Chart will reference the contents under the `org-x-broker-token` key in Secret `snyk-broker-secrets` for the Broker token. +The Helm Chart references the contents under the `org-x-broker-token` key in Secret `snyk-broker-secrets` for the Broker token. ## Partial external secrets -When `useExternalSecrets` is true, the Broker Helm Chart will check whether a value is provided for a secret (for example, `brokerToken=`) +When `useExternalSecrets` is true, the Broker Helm Chart checks whether you provide a value for a secret (for example, `brokerToken=`) * If a value exists, create a secret as usual. * If no value exists, look for an external secret. -By this means, some secrets may be controlled by the Broker Helm chart, and others controlled externally: +By this means, the Broker Helm chart can control some secrets, and you can control others externally: ``` scmType: github-com @@ -82,12 +82,12 @@ useExternalSecrets: true githubToken: "" ``` -This set of values will: +This set of values does the following: -* Create a secret for the provided Broker token -* Reference an external secret for the required GitHub token +* Creates a secret for the provided Broker token +* References an external secret for the required GitHub token -Performing a dry run of a Helm installation will provide the required secret names and keys: +Performing a dry run of a Helm installation provides the required secret names and keys: ``` ### Secret Creation Disabled ### @@ -102,7 +102,7 @@ Note the Broker token secret is excluded from this list as a value is directly p ## Using a single external secret with multiple keys -A single Kubernetes secret may contain all required credentials for the Snyk Broker to operate. Using a Broker of type `nexus` as an example, assume this secret is present in Kubernetes: +A single Kubernetes secret can contain all required credentials for the Snyk Broker to operate. Using a Broker of type `nexus` as an example, assume this secret is present in Kubernetes: ``` apiVersion: v1 diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/snyk-open-source-scans-sca-of-large-manifest-files-helm-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/snyk-open-source-scans-sca-of-large-manifest-files-helm-setup.md index 2a1257c04eb3..bb935e6ccb0a 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/snyk-open-source-scans-sca-of-large-manifest-files-helm-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/snyk-open-source-scans-sca-of-large-manifest-files-helm-setup.md @@ -4,9 +4,9 @@ This applies only to Github and Github Enterprise Broker integrations. {% endhint %} -When large manifest files are detected by Snyk, it is sometimes necessary to use a different method (different SCM endpoint) to retrieve the file. Since the alternative method requires a more permissive rule, it is disabled by default. This ensures the maximum possible security. Use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names. +When Snyk detects large manifest files, you sometimes must use a different method (a different SCM endpoint) to retrieve the file. Because the alternative method requires a more permissive rule, it is disabled by default. This ensures the maximum possible security. Use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names. -To add this rule easily, allowing the Broker client to retrieve the larger manifests file using a different endpoint, add the following environment variable: +To add this rule, allowing the Broker client to retrieve the larger manifests file using a different endpoint, add the following environment variable: ```console --set 'env[0].name=ACCEPT_LARGE_MANIFESTS' \ @@ -14,5 +14,5 @@ To add this rule easily, allowing the Broker client to retrieve the larger manif ``` {% hint style="info" %} -If you are using other custom environment variables, you may need to adjust the 0 index in this code to avoid having any of the environment variables overwrite each other. +If you use other custom environment variables, you might need to adjust the 0 index in this code to avoid having any of the environment variables overwrite each other. {% endhint %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/backend-requests-with-an-internal-certificate-for-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/backend-requests-with-an-internal-certificate-for-docker.md index e76c09978a3f..653e0db33313 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/backend-requests-with-an-internal-certificate-for-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/backend-requests-with-an-internal-certificate-for-docker.md @@ -18,7 +18,7 @@ docker run --restart=always \ snyk/broker:bitbucket-server ``` -Beginning with [Broker version 4.166.0 (2023-10-10)](https://github.com/snyk/broker/releases/tag/v4.166.0), the custom CA cert instruction is `NODE_EXTRA_CA_CERTS` and this must be set as shown in order to use a custom CA. The `CA_CERT` environment variable is no longer in use for this purpose. +Beginning with [Broker version 4.166.0 (2023-10-10)](https://github.com/snyk/broker/releases/tag/v4.166.0), the custom CA cert instruction is `NODE_EXTRA_CA_CERTS` and you must set this as shown to use a custom CA. The `CA_CERT` environment variable is no longer in use for this purpose. Note that this completely replaces the default CA Certificate List for any requests made to your backend system, so this must be the complete chain required by the certificate used by the backend system. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/changing-the-auth-method-with-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/changing-the-auth-method-with-docker.md index db61d30eb48e..a9db71a66b09 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/changing-the-auth-method-with-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/changing-the-auth-method-with-docker.md @@ -28,7 +28,7 @@ For Artifactory, the auth method is configured in the `.env` file by default: ARTIFACTORY_URL=:@/artifactory ``` -For GitHub, the auth meth is part of the `origin` field in the `accept.json` file: +For GitHub, the auth method is part of the `origin` field in the `accept.json` file: ```json { @@ -42,7 +42,7 @@ For GitHub, the auth meth is part of the `origin` field in the `accept.json` fil } ``` -You can override the authentication method. Valid values for `scheme` are `bearer`, `token`, and `basic`, which set the Authorization header to `Bearer`, `Token`, and `Basic` respectively. If a bearer token is preferred, the `accept.json` file can be configured as such: +You can override the authentication method. Valid values for `scheme` are `bearer`, `token`, and `basic`, which set the Authorization header to `Bearer`, `Token`, and `Basic` respectively. If you prefer a bearer token, configure the `accept.json` file as follows: ```json { diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/credential-pooling-with-docker-and-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/credential-pooling-with-docker-and-helm.md index e5e7a6282f74..aa10d0aeb6f5 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/credential-pooling-with-docker-and-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/credential-pooling-with-docker-and-helm.md @@ -1,6 +1,6 @@ # Credential pooling with Docker and Helm -Under some circumstances it can be desirable to create a "pool" of credentials, for example, to work around rate-limiting issues. You can do this by creating an environment variable ending in `_POOL`, separating each credential with a comma. The Broker Client will then, when doing variable replacement, look to see if the variable in use has a variant with a `_POOL` suffix, and if so, use the next item in that pool. For example, if you have set the environment variable `GITHUB_TOKEN`, but want to provide multiple tokens, you would do this instead: +Under some circumstances, you might want to create a "pool" of credentials, for example, to work around rate-limiting issues. To do this, create an environment variable ending in `_POOL`, separating each credential with a comma. When doing variable replacement, the Broker Client looks to see whether the variable in use has a variant with a `_POOL` suffix, and if so, uses the next item in that pool. For example, if you set the environment variable `GITHUB_TOKEN` but want to provide multiple tokens, do this instead: ``` GITHUB_TOKEN_POOL=token1, token2, token3 @@ -8,17 +8,17 @@ GITHUB_TOKEN_POOL=token1, token2, token3 You can add this as env var + value in the Helm Chart. -Then the Broker Client would, any time it needed `GITHUB_TOKEN`, instead take an item from the `GITHUB_TOKEN_POOL`. +Then, any time the Broker Client needs `GITHUB_TOKEN`, it instead takes an item from the `GITHUB_TOKEN_POOL`. Credentials are taken in a round-robin fashion, so the first, the second, the third, and so on, until the Broker Client reaches the end and then takes the first credential again. -Calling the `/systemcheck` endpoint will validate all credentials, in order, and will return an array where the first item is the first credential, and so on. For example, if you were running the GitHub Client and have this: +Calling the `/systemcheck` endpoint validates all credentials, in order, and returns an array where the first item is the first credential, and so on. For example, if you run the GitHub Client and have this: ``` GITHUB_TOKEN_POOL=good_token, bad_token ``` -The `/systemcheck` endpoint would return the following, where the first object is for `good_token` and the second for `bad_token`: +The `/systemcheck` endpoint returns the following, where the first object is for `good_token` and the second for `bad_token`: ``` [ @@ -41,19 +41,19 @@ The `/systemcheck` endpoint would return the following, where the first object i ] ``` -The credentials are masked. However, note that if your credentials contain six (6) or fewer characters, they will be completely replaced with the mask. +The credentials are masked. However, note that if your credentials contain six or fewer characters, the mask completely replaces them. ## **Limitations of credential pooling** -Credential validity is not checked before using a credential, nor are invalid credentials removed from the pool, so it is _strongly_ recommended that credentials be used exclusively by the Broker Client to avoid credentials reaching rate limits at different times, and that the `/systemcheck` endpoint be called before use. +The Broker Client does not check credential validity before using a credential, nor does it remove invalid credentials from the pool. Snyk _strongly_ recommends that only the Broker Client use the credentials, to avoid credentials reaching rate limits at different times, and that you call the `/systemcheck` endpoint before use. -Some providers, such as GitHub, do rate-limiting on a per-user basis, not a per-token or per-credential basis, and in those cases you will need to create multiple accounts with one credential per account. +Some providers, such as GitHub, do rate-limiting on a per-user basis, not a per-token or per-credential basis, and in those cases you must create multiple accounts with one credential per account. ## **Credentials matrix** Generating a Matrix of credentials is not supported. -A "Matrix" in this case is defined as taking two (or more) `_POOL`s of length `x` and `y`, and producing one final pool of length `x * y`. For example, given an input like: +A "Matrix" in this case means taking two or more `_POOL`s of length `x` and `y`, and producing one final pool of length `x * y`. For example, given an input like: ``` USERNAME_POOL=u1, u2, u3 diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/insecure-downstream-mode.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/insecure-downstream-mode.md index 6bd55a5f2105..a1b6b55e1258 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/insecure-downstream-mode.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/insecure-downstream-mode.md @@ -4,17 +4,17 @@ description: Usage of this mode is discouraged. # Insecure downstream mode -In some situations, you may need to use only `http` for your downstream connection. These cases are infrequent and usually occur because of historical `http-`only setups. Snyk recommends upgrading these setups to use `https` instead. +In some situations, you might need to use only `http` for your downstream connection. These cases are infrequent and usually occur because of historical `http-`only setups. Snyk recommends upgrading these setups to use `https` instead. If upgrading is not possible in the near term, the insecure downstream mode introduces a way to force downstream requests to your SCM, JIRA, or other service to take place over `http` instead of `https`. -In most cases, you should avoid insecure downstream mode, and to use it, you must opt-in.\ +In most cases, avoid insecure downstream mode; to use it, you must opt in.\ Insecure downstream mode makes all requests go over `http`, thus no longer benefitting from the safety of TLS encryption. Insecure downstream mode means all your credentials and data will appear unencrypted, which is only tolerable in tightly secured networks. Export the environment variable `INSECURE_DOWNSTREAM="true"` to use this mode, passing it as an environment value using the `-e INSECURE_DOWNSTREAM="true"` option. {% hint style="warning" %} -Using HTTP is highly insecure! Your data and credentials will be transmitted in clear form over the network exchanges. +Using HTTP is highly insecure. Snyk transmits your data and credentials in clear form over the network exchanges. Snyk is not responsible for any credential leaks that may occur as a result of the use of an insecure downstream mode. {% endhint %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/mounting-secrets-with-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/mounting-secrets-with-docker.md index 688aa20f8f26..1a5f7a6a6d2a 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/mounting-secrets-with-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/mounting-secrets-with-docker.md @@ -1,7 +1,7 @@ # Mounting secrets with Docker -Sometimes it is required to load sensitive configurations, the GitHub or Snyk token, from a file instead of from environment variables. Broker is using [dotenv](https://www.npmjs.com/package/dotenv) to load the config, so the process is relatively simple: +Sometimes you must load sensitive configurations, such as the GitHub or Snyk token, from a file instead of from environment variables. Broker uses [dotenv](https://www.npmjs.com/package/dotenv) to load the config, so the process is straightforward: * Create a file named `.env` and put your sensitive configuration there. -* Mount this file, for example, using a [Kubernetes secret](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume)). Mount the file to be somewhere like `/broker`. -* Change the workdir of the docker image to be `/broker/`. An example of such file is located in your broker container at $HOME/.env. +* Mount this file, for example, using a [Kubernetes secret](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume). Mount the file to somewhere like `/broker`. +* Change the workdir of the Docker image to `/broker/`. An example of such a file is located in your Broker container at $HOME/.env. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/snyk-open-source-scans-sca-of-large-manifest-files-docker-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/snyk-open-source-scans-sca-of-large-manifest-files-docker-setup.md index a52bf3d96b9e..df1433b534ef 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/snyk-open-source-scans-sca-of-large-manifest-files-docker-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/snyk-open-source-scans-sca-of-large-manifest-files-docker-setup.md @@ -1,12 +1,12 @@ # Snyk Open Source Scans (SCA) of large manifest files, Docker setup {% hint style="info" %} -This applies only to Github and Github Enterprise Broker integrations. +This applies only to GitHub and GitHub Enterprise Broker integrations. {% endhint %} -When large manifest files are detected by Snyk, it is sometimes necessary to use a different method (different SCM endpoint) to retrieve the file. Since the alternative method requires a more permissive rule, it is disabled by default. This ensures the maximum possible security. Use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names. +When Snyk detects large manifest files, you sometimes need to use a different method (a different SCM endpoint) to retrieve the file. Because the alternative method requires a more permissive rule, it is disabled by default. This ensures the maximum possible security. Use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names. -To add this rule easily, allowing the Broker client to retrieve the larger manifests file using a different endpoint, add the following environment variable: +To add this rule, allowing the Broker client to retrieve the larger manifests file using a different endpoint, add the following environment variable: ```console -e ACCEPT_LARGE_MANIFESTS=true diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/README.md index 0fedb34cf748..d3a2f86fa3fc 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/README.md @@ -18,12 +18,12 @@ For convenience, instructions to obtain or generate the Broker token follow. Whe ## Obtain Broker token for Artifactory Repository setup -1. Navigate to **Settings** > **Add integrations** > **Package Repositories > Artifactory**. -2. Enter the URL of your Artifactory instance, this must end with /artifactory. +1. Navigate to **Settings** > **Add integrations** > **Package Repositories** > **Artifactory**. +2. Enter the URL of your Artifactory instance. This must end with /artifactory. 3. Enter your username and password. 4. Select **Save**. -
Artifactory integration setup

Artifactoryrepository setup

+
Artifactory integration setup

Artifactory repository setup

{% hint style="info" %} If you do not see the Snyk Broker on/off switch, you do not have the necessary permissions and can only add a publicly accessible instance. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-environment-variables-for-snyk-broker.md index fc1fed3a51cf..afd339ca6b35 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-environment-variables-for-snyk-broker.md @@ -14,7 +14,7 @@ The following fields are optional: * `Basic auth`: Omit if no basic auth required.\ URL encode both username and password info to avoid errors that may prevent authentication. * `Protocol`: Defaults to `https://`\ - This should only be specified when no certificate is present and `http://` is required instead for your instance. + Specify this only when no certificate is present and your instance requires `http://` instead. `ARTIFACTORY_URL` format with optional fields:\ `[http://][username:password@]hostname[:port]/artifactory`\ diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md index 57bd45f3ce13..4e8e2f64da72 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md @@ -10,11 +10,11 @@ Before installing, review the [prerequisites](./) and the general instructions f This integration is useful to ensure a secure connection with your on-premise Artifactory Repository deployment. -For information about non-brokered integration with Artifactory Repository see [Artifactory Repository setup](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/artifactory-package-repository-connection-setup). For information about brokered integration with Artifactory Container Registry see [Snyk Broker -Container Registry Agent](../../../snyk-broker-container-registry-agent/). +For information about non-brokered integration with Artifactory Repository see [Artifactory Repository setup](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/artifactory-package-repository-connection-setup). For information about brokered integration with Artifactory Container Registry see [Snyk Broker - Container Registry Agent](../../../snyk-broker-container-registry-agent/). ## Configure Broker to be used for Artifactory Registry -To use the Broker client with an Artifactory Registry deployment, **run** `docker pull snyk/broker:artifactory`. Refer to [Artifactory Repository - environment variables for Snyk Broker](artifactory-repository-environment-variables-for-snyk-broker.md) for definitions of the environment variables. +To use the Broker client with an Artifactory Registry deployment, run `docker pull snyk/broker:artifactory`. Refer to [Artifactory Repository - environment variables for Snyk Broker](artifactory-repository-environment-variables-for-snyk-broker.md) for definitions of the environment variables. ## Docker run commands to set up a Broker Client for Artifactory Repository diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-helm.md index ecc80052d064..11fbcd80d003 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-helm.md @@ -8,7 +8,7 @@ Integration with Artifactory Repository is available only with Enterprise plans. Before installing, review the [prerequisites](./) and the general instructions for installation using [Helm](../../../../../../enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md). -For information about non-brokered integration with Artifactory Repository see [Artifactory Repository setup](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/artifactory-package-repository-connection-setup). For information about brokered integration with Artifactory Container Registry see [Snyk Broker -Container Registry Agent](../../../snyk-broker-container-registry-agent/). +For information about non-brokered integration with Artifactory Repository see [Artifactory Repository setup](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/artifactory-package-repository-connection-setup). For information about brokered integration with Artifactory Container Registry see [Snyk Broker - Container Registry Agent](../../../snyk-broker-container-registry-agent/). To use this chart, you must first add the Snyk Broker Helm Chart by adding the repo: @@ -34,4 +34,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-environment-variables-for-snyk-broker.md index 9035e9335d61..b9b851ec282c 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-environment-variables-for-snyk-broker.md @@ -5,10 +5,10 @@ The following environment variables are required to configure the Broker Client * `BROKER_TOKEN` - the Snyk Broker token, obtained from your Azure Repos integration settings view (app.snyk.io). * `BROKER_SERVER_URL` - the URL of the Broker server for the region in which your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). * `AZURE_REPOS_TOKEN` - an Azure Repos personal access token. Refer to this [Guide](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops\&tabs=preview-page) for how to get or create the token. Required scopes: ensure Custom defined is selected and under Code select `Read & write`. -* `AZURE_REPOS_ORG` - Organization name, which can be found on your Organization Overview page in Azure. For Azure Repos on-prem, the typical organization name is `tfs/Main.` If you have more than one Azure organization, you must deploy a Broker for each one +* `AZURE_REPOS_ORG` - Organization name, which can be found on your Organization Overview page in Azure. For Azure Repos on-prem, the typical organization name is `tfs/Main.` If you have more than one Azure organization, you must deploy a Broker for each one. * `AZURE_REPOS_HOST` - the hostname of your Azure Repos Server deployment, such as `your.azure-server.domain.com`. * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to your Azure Repos' webhooks, such as `http://broker.url.example:8000.`This URL is required to access features such as PR Fixes or PR Checks. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to your Azure Repos webhooks, such as `http://broker.url.example:8000.` This URL is required to access features such as PR Fixes or PR Checks. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, for example, Terraform, you can add an environment variable, `ACCEPT_IAC`, with any combination of `tf,yaml,yml,json,tpl`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-and-configure-using-helm.md index b19b47d4e645..6a2ac41503d4 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-and-configure-using-helm.md @@ -38,4 +38,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md index 4a86bed5df0d..0e13d058c9a4 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md @@ -14,7 +14,7 @@ This integration is useful to ensure a secure connection with your on-premise or To use the Broker Client with [Azure](https://azure.microsoft.com/en-us/services/devops/), run `docker pull snyk/broker:azure-repos`. Refer to [Azure Repos - environment variables for Snyk Broker](azure-repos-environment-variables-for-snyk-broker.md) for definitions of the environment variables. -If necessary, go to the [Advanced configuration page](../advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Azure Repos instance is using a private certificate, and setting up [proxy support](../advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). +If necessary, navigate to the [Advanced configuration page](../advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Azure Repos instance is using a private certificate, and setting up [proxy support](../advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). ## Docker run command to set up a Broker Client for Azure Repos @@ -47,10 +47,10 @@ docker run --restart=always \ Paste the Broker Client configuration to start the Broker Client container. -Once the container is up, the Azure Repos Integrations page shows the connection to Azure Repos and you can `Add Projects.` +After the container is up, the Azure Repos Integrations page shows the connection to Azure Repos and you can `Add Projects.` ## Basic troubleshooting for Broker with Azure Repos * Run `docker logs ` to look for any errors, where `container id` is the Azure Repos Broker container ID. * Ensure relevant ports are exposed to Azure Repos. -* Make sure that file permissions for the local path to the `accept.json` file, as well as the `accept.json` file itself, are correct and accessible. +* Ensure that file permissions for the local path to the `accept.json` file, as well as the `accept.json` file itself, are correct and accessible. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md index 4de4202c8f00..014df7976fb7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md @@ -8,10 +8,10 @@ The following environment variables are required to configure the Broker client: * `BITBUCKET_PASSWORD` - the Bitbucket Server password. You can use an API token in place of a password. * `BITBUCKET` - the hostname of your Bitbucket Server deployment, such as `your.bitbucket-server.domain.com`. * `BITBUCKET_API` - the API endpoint of your Bitbucket Server deployment. Should be `$BITBUCKET/rest/api/1.0`. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to your Bitbucket Server for webhooks, such as `http://broker.url.example:8000.`This URL is required to access features such as PR Fixes or PR Checks. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to your Bitbucket Server for webhooks, such as `http://broker.url.example:8000.` This URL is required to access features such as PR Fixes or PR Checks. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform for example, you can simply add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. +* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform, add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. * `ACCEPT_CODE` - by default, Snyk Code will not load code snippets. To enable code snippets you can add an environment variable `ACCEPT_CODE=true`. * `ACCEPT_ESSENTIALS` - enable Snyk Essentials to identify your application assets, monitor them, and prioritize the risks. To enable Snyk Essentials, add the environment variable `ACCEPT_ESSENTIALS=true`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md index d1b7ef09058a..f569de5424b6 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md @@ -7,10 +7,10 @@ The following environment variables are required to configure the Broker client: * `BITBUCKET_PAT` - the Bitbucket Server Personal Access Token. * `BITBUCKET` - the hostname of your Bitbucket Server deployment, such as `your.bitbucket-server.domain.com`. * `BITBUCKET_API` - the API endpoint of your Bitbucket Server deployment. Should be `$BITBUCKET/rest/api/1.0`. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to your Bitbucket Server for webhooks, such as `http://broker.url.example:8000.`This URL is required to access features such as PR Fixes or PR Checks. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to your Bitbucket Server for webhooks, such as `http://broker.url.example:8000.` This URL is required to access features such as PR Fixes or PR Checks. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform for example, you can simply add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. +* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform, add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. * `ACCEPT_CODE` - by default, Snyk Code will not load code snippets. To enable code snippets you can add an environment variable `ACCEPT_CODE=true`. * `ACCEPT_ESSENTIALS` - enable Snyk Essentials to identify your application assets, monitor them, and prioritize the risks. To enable Snyk Essentials, add the environment variable `ACCEPT_ESSENTIALS=true`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-environment-variables-for-snyk-broker.md index f17c4f14f98d..24b66bb62567 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-environment-variables-for-snyk-broker.md @@ -1,6 +1,6 @@ # GitHub Enterprise - environment variables for Snyk Broker -The following environment variables are required to configure the Broker Client: for GitHub Enterprise: +The following environment variables are required to configure the Broker Client for GitHub Enterprise: * `BROKER_TOKEN` - the Snyk Broker token, obtained from your Snyk Org settings view (app.snyk.io). * `GITHUB_TOKEN` - a personal access token with full `repo`, `read:org` and `admin:repo_hook` scopes. @@ -14,9 +14,9 @@ The following environment variables are required to configure the Broker Client: * For GitHub Enterprise Cloud without a custom domain, use `api.github.com`. * `GITHUB_GRAPHQL` - the `graphql` endpoint of your GitHub Enterprise deployment. Do not use `http` or `https`. * For self-hosted, should be `your.ghe.domain.com/api`. - * for GitHub Enterprise Cloud without a custom domain, use `api.github.com/graphql`. + * For GitHub Enterprise Cloud without a custom domain, use `api.github.com/graphql`. * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to your GitHub Enterprise deployment webhooks, such as `http://broker.url.example:8000`. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to your GitHub Enterprise deployment webhooks, such as `http://broker.url.example:8000`. * This must have `http://` and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, for example, Terraform files, you can add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md index f29fdd375d18..9a05f0fe53e8 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md @@ -35,4 +35,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-environment-variables-for-snyk-broker.md index affe82c35336..8034fca80751 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-environment-variables-for-snyk-broker.md @@ -5,7 +5,7 @@ The following environment variables are required to configure the Broker Client * `BROKER_TOKEN` - the Snyk Broker token, obtained from your Snyk Org settings view (app.snyk.io). * `GITHUB_TOKEN` - a personal access token with full `repo`, `read:org` and `admin:repo_hook` scopes. * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to GitHub webhooks, such as `http://broker.url.example:8000.`This URL is required to access features such as PR Fixes or PR Checks. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to GitHub webhooks, such as `http://broker.url.example:8000.` This URL is required to access features such as PR Fixes or PR Checks. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, for example, Terraform, you can add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl` diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-helm.md index 79adef67866d..ec0584860103 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-helm.md @@ -28,4 +28,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-environment-variables-for-snyk-broker.md index 36046f62934c..c63106f84e15 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-environment-variables-for-snyk-broker.md @@ -7,9 +7,9 @@ The following environment variables are required to configure the Broker Client * `BROKER_SERVER_URL` - the URL of the Broker server for the region in which your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). * `GITLAB` - the hostname of your GitLab deployment, such as `your.gitlab.domain.com` or `GitLab.com`. * `PORT` - the local port at which the Broker Client accepts connections. Default is 8000. -* `BROKER_CLIENT_URL` - the full URL of the Broker Client as needed to be reachable by either GitLab.com or on-prem GitLab deployment in order to establish webhook connectivity. This must be a full URL like `http://broker.url.example:8000`. +* `BROKER_CLIENT_URL` - the full URL of the Broker Client as needed to be reachable by either GitLab.com or on-prem GitLab deployment to establish webhook connectivity. This must be a full URL like `http://broker.url.example:8000`. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). -* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform for example, you can simply add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. -* `ACCEPT_CODE` - by default, Snyk Code will not load code snippets. To enable code snippets you can simply add an environment variable `ACCEPT_CODE=true`. +* `ACCEPT_IAC` - by default, some file types used by Infrastructure as Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform, add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. +* `ACCEPT_CODE` - by default, Snyk Code does not load code snippets. To enable code snippets, add an environment variable `ACCEPT_CODE=true`. * `ACCEPT_ESSENTIALS` - Enable Snyk Essentials to identify your application assets, monitor them, and prioritize the risks. You can enable it by adding an environment variable `ACCEPT_ESSENTIALS=true`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md index 279dcf007321..c93ce931ad58 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md @@ -8,7 +8,7 @@ This integration is useful to ensure a secure connection with your on-premise or To use the Broker client with GitLab.com or an on-prem GitLab deployment, run `docker pull snyk/broker:gitlab`. Refer to [GitLab - environment variables for Snyk Broker](gitlab-environment-variables-for-snyk-broker.md) for definitions of the environment variables. -If necessary, go to the [Advanced configuration page](../advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority to the Broker Client configuration if the GitLab instance is using a private certificate, or setting up [proxy support](../advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). +If necessary, navigate to the [Advanced configuration page](../advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the GitLab instance is using a private certificate, or setting up [proxy support](../advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). ## Docker run command to set up a Broker Client for GitLab @@ -34,7 +34,7 @@ docker run --restart=always \ snyk/broker:gitlab ``` -Use the environment variable `REMOVE_X_FORWARDED_HEADERS=true` to remove the `XFF` headers from the requests made by the Broker client to GitLab. This allows the Broker to work properly. +Use the environment variable `REMOVE_X_FORWARDED_HEADERS=true` to remove the `XFF` headers from the requests made by the Broker client to GitLab. This lets the Broker work properly. Snyk Essentials is set by default to `false`. Enable it by setting the flag to `true`. @@ -42,7 +42,7 @@ Snyk Essentials is set by default to `false`. Enable it by setting the flag to ` Paste the Broker Client configuration to start the Broker Client container. -Once the container is up, the GitLab Integrations page shows the connection to GitLab, and you can `Add Projects`. +After the container is up, the GitLab Integrations page shows the connection to GitLab, and you can `Add Projects`. ## Basic troubleshooting for Broker with GitLab diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-helm.md index b060cd7fb9c9..cdb4950d10a7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-helm.md @@ -14,7 +14,7 @@ For the `gitlab` value, do not include `https://.` `ACCEPT_CODE` is [set to true by default](https://github.com/snyk/snyk-broker-helm/blob/465d4ef279755fa5c9507975a88348bab04c2264/charts/snyk-broker/templates/broker_deployment.yaml#L383) in the chart, as is [ACCEPT\_IAC](https://github.com/snyk/snyk-broker-helm/blob/465d4ef279755fa5c9507975a88348bab04c2264/charts/snyk-broker/templates/broker_deployment.yaml#L386C23-L386C43). You can disable them if needed using `disableAutoAcceptRules=true`, but otherwise, these are enabled. -Use the environment variable `REMOVE_X_FORWARDED_HEADERS=true` to remove the `XFF` headers from the requests made by the Broker client to GitLab. This allows the Broker to work properly. +Use the environment variable `REMOVE_X_FORWARDED_HEADERS=true` to remove the `XFF` headers from the requests made by the Broker client to GitLab. This lets the Broker work properly. Snyk Essentials is set by default to `false`. Enable it by setting the flag to `true`. @@ -37,4 +37,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-environment-variables-for-snyk-broker.md index f8edc4bbe581..cfb10fd3f5d8 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-environment-variables-for-snyk-broker.md @@ -7,7 +7,7 @@ The following environment variables are needed to configure the Broker Client fo * `JIRA_USERNAME` - the Jira username. * `JIRA_PASSWORD` - the Jira password. * `JIRA_HOSTNAME` - the hostname of your Jira deployment, such as `your.jira.domain.com`. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible by your Jira for webhooks, such as `http://my.broker.client:8000` +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible by your Jira for webhooks, such as `http://my.broker.client:8000` * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker.md index 7586ab98e334..8e5f6759c76c 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker.md @@ -36,7 +36,7 @@ If necessary, navigate to [Advanced configuration for Snyk Broker Docker install When SSO is enabled, JIRA usually prohibits the use of a username and password and requires the use of a personal access token (PAT). -When SSO is enabled, you must use a specific Jira version that will instead use the authorization header with the bearer token. To use this version, provide the following configuration: +When SSO is enabled, you must use a specific Jira version that instead uses the authorization header with the bearer token. To use this version, provide the following configuration: ``` docker run --restart=always \ @@ -53,9 +53,9 @@ docker run --restart=always \ Paste the Broker Client configuration to start the Broker Client container. -After the container is set up, and the Jira Integrations page shows the connection to Jira, under Projects, you can create Jira tickets +After the container is set up, and the Jira Integrations page shows the connection to Jira, under Projects, you can create Jira tickets. -## **Basic troubleshooting for Broker with Jira** +## Basic troubleshooting for Broker with Jira * Run `docker logs ` to look for any errors, where `container id` is the Jira Broker container ID. * Ensure relevant ports are exposed to Jira. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-helm.md index 7aa257e510d2..3a40bbb73d6a 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-helm.md @@ -37,7 +37,7 @@ You can verify that the Broker is running by looking at the settings for your br When SSO is enabled, JIRA usually prohibits the use of a username and password and requires the use of a personal access token (PAT). -When SSO is enabled, you must use a specific Jira version that will instead use the authorization header with the bearer token. To use this version, provide the following configuration: +When SSO is enabled, you must use a specific Jira version that instead uses the authorization header with the bearer token. To use this version, provide the following configuration: ``` helm install snyk-broker-chart snyk-broker/snyk-broker \ diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/README.md index 1b131b0f71d6..5cbe9defeb83 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/README.md @@ -17,7 +17,7 @@ For convenience, instructions to obtain or generate the Broker token follow. Whe ## Obtain Broker token for Nexus integration -1. Go to **Settings** > **Integrations** > **Package Repositories** > **Nexus** +1. Navigate to **Settings** > **Integrations** > **Package Repositories** > **Nexus**. 2. Verify that you see the screen to configure Nexus.
Configure Nexus

Configure Nexus

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-environment-variables-for-snyk-broker.md index bb1fc9c5b701..f51f7d2d8f9e 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-environment-variables-for-snyk-broker.md @@ -58,7 +58,7 @@ Complex example: `https://alice:mypassword@acme.com: 8000` The URL that points to the base of your repositories within Nexus. By default, the broker assumes `BASE_NEXUS_URL`/nexus/content/ as the value. `RES_BODY_URL_SUB`\ -The URL of the Nexus instance, including `https://` and `/nexus/content` without basic auth credentials. Required for npm and Yarn integrations only**.** Must not end with a forward slash. +The URL of the Nexus instance, including `https://` and `/nexus/content` without basic auth credentials. Required for npm and Yarn integrations only. Must not end with a forward slash. Examples:\ `https://acme.com/nexus/content/groups`\ diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-docker.md index 01c64032eb5e..26ef85409434 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-docker.md @@ -54,7 +54,7 @@ docker run --restart=always \ snyk/broker:nexus2 ``` -You can find your `BASE_NEXUS_URL` by visiting the Nexus UI and navigating to the server tab under **Administration**, then selecting the **Base URL** entry without a trailing slash. This will typically end with `/nexus`, but may vary with non-default deployments. If you have a custom base URL then you must also set the `NEXUS_URL` environment variable to point to the URL where your repositories live. By default this is configured as `/nexus/content` but should follow a similar format to your base URL. +You can find your `BASE_NEXUS_URL` by visiting the Nexus UI and navigating to the server tab under **Administration**, then selecting the **Base URL** entry without a trailing slash. This typically ends with `/nexus`, but may vary with non-default deployments. If you have a custom base URL then you must also set the `NEXUS_URL` environment variable to point to the URL where your repositories live. By default this is configured as `/nexus/content` but should follow a similar format to your base URL. ## Start the Broker Client container and verify the connection with Nexus Repository Manager diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-helm.md index 958e9b1d71bc..76170c9b4ccd 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-helm.md @@ -38,7 +38,7 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. ## Nexus 2 Helm installation @@ -65,4 +65,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/README.md index 2d243d873bfd..0a96d7ca9e6b 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/README.md @@ -44,7 +44,7 @@ Consider the following to understand what the required components are for your d * See [Snyk Broker - Infrastructure as Code detection](../snyk-broker-infrastructure-as-code-detection.md). * Are you planning to detect Snyk Code vulnerabilities? See [Clone an integration across your Snyk Organizatons](../clone-an-integration-across-your-snyk-organizations.md). * Are you planning to connect to a Container Registry? - * You will need to deploy an additional agent with the Broker, the Snyk Broker Container Registry Agent. + * You must deploy an additional agent with the Broker, the Snyk Broker Container Registry Agent. * See [Snyk Broker Container Registry agent](../../snyk-broker-container-registry-agent/). Every integration has a specific Broker token assigned to it. An integration to analyze Snyk Code vulnerabilities and connect to a Container Registry has the following: diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/high-availability-mode.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/high-availability-mode.md index 886811e909fa..8b8d32dc5017 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/high-availability-mode.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/high-availability-mode.md @@ -1,16 +1,16 @@ # High availability mode -High availability mode allows you to run several Broker clients that work independently to one another. The Snyk platform will spread the requests it makes evenly across the connections to ease the load on each client and provide redundancy. High availability mode also avoids downtime during Snyk server upgrade events. +High availability mode lets you run several Broker clients that work independently of one another. The Snyk platform spreads the requests it makes evenly across the connections to ease the load on each client and provide redundancy. High availability mode also avoids downtime during Snyk server upgrade events.
Operation of multiple Broker clients in high availability

Operation of multiple Broker clients in high availability

For high availability mode, use Docker Compose to run multiple replicas (see [Docker Compose example](universal-broker/running-your-universal-broker-client.md#docker-compose-example)) or by increasing the replica count in your Kubernetes deployment. Each container must have the exact same configuration parameters. -A maximum of four Broker Clients can run concurrently in high availability mode. Running a fifth Broker Client will attempt to connect indefinitely. +A maximum of four Broker Clients can run concurrently in high availability mode. A fifth Broker Client attempts to connect indefinitely. ## **Important notes about settings** -The Dispatcher Base URL should be specific to your region if you are using a regional Snyk platform, for example, api.eu.snyk.io. See [Regional hosting and data residency](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency) for details. +The Dispatcher Base URL must be specific to your region if you are using a regional Snyk platform, for example, api.eu.snyk.io. See [Regional hosting and data residency](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency) for details. If you are using app.snyk.io, the following is not required. It is applicable only to regional Snyk platforms. @@ -18,7 +18,7 @@ If you are using app.snyk.io, the following is not required. It is applicable on BROKER_DISPATCHER_BASE_URL=https://api.snyk.io ``` -Outbound connection to api.snyk.io or the corresponding api hostname must be allowed. Otherwise, preflight checks will indicate failure upon Broker client startup. +Outbound connection to api.snyk.io or the corresponding api hostname must be allowed. Otherwise, preflight checks indicate failure upon Broker client startup. The `BROKER_CLIENT_URL` value must remain the same across all the Broker clients in the high availability set. The same `BROKER_TOKEN` must also be used.\ It is acceptable for this URL to resolve to a particular client. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/preflight-checks-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/preflight-checks-for-snyk-broker.md index 807984740618..594c5ba54e89 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/preflight-checks-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/preflight-checks-for-snyk-broker.md @@ -10,7 +10,7 @@ If it is not specified, BROKER\_SERVER\_URL is [https://broker.snyk.io](https:// ## `rest-api-status` -The REST API Healthcheck validates the connectivity to the Snyk REST API by performing a GET request to `{API_BASE_URL}/rest/openapi`. This check is conditional and will be executed only if high availability mode is enabled. +The REST API Healthcheck validates the connectivity to the Snyk REST API by performing a GET request to `{API_BASE_URL}/rest/openapi`. This check is conditional and runs only if high availability mode is enabled. If it is not specified, the `API_BASE_URL` is [https://api.snyk.io](https://api.snyk.io/). For additional URLs, see [Regional hosting and data residency](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency). @@ -23,5 +23,5 @@ If you are using TLS termination and you do not require a certificate+key in the There is no default. {% hint style="info" %} -You can use the environment variable PREFLIGHT\_CHECKS\_ENABLED=false to disable the Preflight Checks feature, so no checks will be executed when the Broker Client starts. +You can use the environment variable PREFLIGHT\_CHECKS\_ENABLED=false to disable the Preflight Checks feature, so no checks run when the Broker Client starts. {% endhint %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-commit-signing.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-commit-signing.md index 26a2a1456eb7..ddf3d18627ba 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-commit-signing.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-commit-signing.md @@ -18,8 +18,8 @@ As of version v4.151.0, the Snyk Broker Client supports commit signing for GitHu 1. To use commit signing, provide the following environment variables for the Broker Client: * `GPG_PRIVATE_KEY`: GPG private key exported as an ASCII armored version. Note that the value must start with `-----BEGIN PGP PRIVATE KEY BLOCK-----` and end with `-----END PGP PRIVATE KEY BLOCK-----`. * `GPG_PASSPHRASE`: Passphrase of the GPG private key. - * `GIT_COMMITTER_NAME`: will be used to set a committer name. - * `GIT_COMMITTER_EMAIL`: will be used to set a committer email. + * `GIT_COMMITTER_NAME`: sets a committer name. + * `GIT_COMMITTER_EMAIL`: sets a committer email. 2. Enable **Broker Client Commit Signing** in the Broker settings. ## Troubleshooting commit signing @@ -27,4 +27,4 @@ As of version v4.151.0, the Snyk Broker Client supports commit signing for GitHu If commits are shown as `Unverified` in GitHub, you must do the following: * Verify that the GPG public key is imported to the correct GitHub user and that the email address is the same in GitHub as in the environment variables. -* To ensure that the commit signing feature has been activated for the Broker Client in the Snyk Organization, check the logs and verify that the following message appears when the Broker Client starts up: ​​`loading commit signing rules (enabled=true, rulesCount=5)` +* To ensure that the commit signing feature is activated for the Broker Client in the Snyk Organization, check the logs and verify that the following message appears when the Broker Client starts up: ​​`loading commit signing rules (enabled=true, rulesCount=5)` diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/README.md index 136cec871ffd..251309e08046 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/README.md @@ -6,9 +6,9 @@ Snyk Broker Container Registry Agent is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -The Snyk Broker Container Registry Agent enables you to connect with network-restricted container registries so you can scan these registries using the Snyk service. +The Snyk Broker Container Registry Agent lets you connect with network-restricted container registries so you can scan these registries using the Snyk service. -When you use the Container Registry Agent, Snyk can integrate with private container registries that you host, and help you to better secure container images in those registries. Integration with private container registries allows you to: +When you use the Container Registry Agent, Snyk can integrate with private container registries that you host, and help you to better secure container images in those registries. Integration with private container registries lets you: * Keep sensitive data such as your access tokens inside your private network, never sharing that information with Snyk. * Provide controlled access to the network for Snyk, limiting Snyk access and the actions that Snyk can perform. @@ -79,12 +79,12 @@ With the listed configuration of 1 vCPU and 2GB RAM, scanning capacity would be ### Configuring and running the Container Registry Agent -Snyk recommends deploying the Container Registry Agent first as both Universal and Classic Broker requires configuration input from that deployment, namely the Container Registry Agent URL. You can pull the Container Registry Agent image from Docker Hub using the link provided in the [prerequisites](./#prerequisites-for-container-registry-agent). +Snyk recommends deploying the Container Registry Agent first, as both Universal and Classic Broker require configuration input from that deployment, namely the Container Registry Agent URL. You can pull the Container Registry Agent image from Docker Hub using the link provided in the [prerequisites](./#prerequisites-for-container-registry-agent). To configure the Container Registry Agent, the following environment variables are available: * `SNYK_PORT` - the local port at which the Container Registry Agent accepts connections (default value: 17500). -* `SNYK_MAX_IMAGE_SIZE_IN_BYTES` - the maximum size of an image that Snyk is able to scan (optional, default value: 2147483648). +* `SNYK_MAX_IMAGE_SIZE_IN_BYTES` - the maximum size of an image that Snyk can scan (optional, default value: 2147483648). Run the Container Registry Agent container with the relevant configuration: @@ -161,7 +161,7 @@ The following container registries require specific environment variables, setup ### **GCR and Google Artifact Registry** -All the preceding information applies to setting up the Broker Client for these container registries. The `CR_USERNAME` value is permanent and should be `_json_key`, and the `CR_PASSWORD` value should be the JSON key used to authenticate to Google. +All the preceding information applies to setting up the Broker Client for these container registries. The `CR_USERNAME` value is permanent and must be `_json_key`, and the `CR_PASSWORD` value must be the JSON key used to authenticate to Google. ### **JFrog Container Registry (Artifactory)** diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/setting-up-the-container-registry-agent-for-a-brokered-ecr-integration.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/setting-up-the-container-registry-agent-for-a-brokered-ecr-integration.md index 4c0954def6b6..352905216478 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/setting-up-the-container-registry-agent-for-a-brokered-ecr-integration.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/setting-up-the-container-registry-agent-for-a-brokered-ecr-integration.md @@ -6,7 +6,7 @@ In Elastic Container Registries the brokered communication is the same as in oth The Container Registry Agent IAM Role or IAM User is an IAM Role or IAM User is used by the Container Registry Agent to assume a role with access to ECR. -The Snyk ECR Service Role is an IAM Role with access to ECR and assumed by the Container Registry Agent IAM Role or IAM User to gain read-only access to ECR. The Snyk ECR Service Role ARN is provided to the Broker Client together with the region the ECR runs in, and is passed to the Container Registry Agent that will assume it. +The Snyk ECR Service Role is an IAM Role with access to ECR and assumed by the Container Registry Agent IAM Role or IAM User to gain read-only access to ECR. The Snyk ECR Service Role ARN is provided to the Broker Client together with the region the ECR runs in, and is passed to the Container Registry Agent that assumes it. If there are multiple ECRs in multiple accounts that need to communicate with the Container Registry Agent, you must set up a Broker Client for each ECR. @@ -25,7 +25,7 @@ Follow these steps to set up a single Container Registry Agent instance with acc ## **Step 1: Run the Container Registry Agent with a IAM User or IAM Role** -In this step, create an IAM Role or an IAM User for use by the Container Registry Agent. The IAM Role or IAM User could be provided to the Container Registry Agent via the methods described in the [AWS docs](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html). +In this step, create an IAM Role or an IAM User for use by the Container Registry Agent. The IAM Role or IAM User could be provided to the Container Registry Agent using the methods described in the [AWS docs](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html). The following examples explain how to provide the IAM Role or IAM User using one of the following methods. You can also provide a dedicated role in Amazon ECS tasks. For more information, see the [AWS docs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html). @@ -51,7 +51,7 @@ The following examples explain how to provide the IAM Role or IAM User using one 1. In the newly created role page, in the **Permissions** tab, create an **Inline policy**. 2. In **Service** choose **STS**. 3. In **Actions** choose **Write** > **AssumeRole**. -4. In **Resources** choose **All resources** (you will harden the resources in a later step). +4. In **Resources** choose **All resources** (you harden the resources in a later step). 5. In the **JSON** tab verify that the policy contains the following: ``` @@ -90,7 +90,7 @@ When you are running the Container Registry Agent image on the EC2 machine, the 4. Select **Programmatic access** as the **Access type**. 5. Choose to go next with permission and tags. 6. Review and create the user. -7. Once the user is created, save its credentials (Access Key ID and Secret Access Key) for later use. +7. After the user is created, save its credentials (Access Key ID and Secret Access Key) for later use. 8. From the user's **Summary** page, copy the **User ARN** for later use.\ Example: `arn:aws:iam::aws-account:user` or `SnykCraUser` @@ -98,8 +98,8 @@ When you are running the Container Registry Agent image on the EC2 machine, the 1. In the newly created user page, in the **Permissions** tab create an **Inline policy**. 2. In **Service** choose **STS**. -3. In **Actions** choose **Write** >**AssumeRole**. -4. In **Resources** choose **All resources** (you will harden the resources in a later step). +3. In **Actions** choose **Write** > **AssumeRole**. +4. In **Resources** choose **All resources** (you harden the resources in a later step). 5. In the **JSON** tab verify that the policy contains the following statement: ``` @@ -127,7 +127,7 @@ When you are running the Container Registry Agent image, the credentials could b ## Step 2: Create Snyk ECR Service Role and enable cross-account access to ECR -In this step, you will create a Role in the account in which your ECR repositories reside. This Role will allow read-only access to your repositories and could be assumed by the Role created in the previous step. +In this step, you create a Role in the account in which your ECR repositories reside. This Role allows read-only access to your repositories and could be assumed by the Role created in the previous step. ### **1. Create a read-only ECR policy to be used by the Snyk ECR Service Role** @@ -209,7 +209,7 @@ This step hardens the usability of the Snyk ECR Service Role so that it can be a * In **Statement.Principal.AWS** enter the IAM Role or IAM User created in the Step 1 .\ Example: `arn:aws:iam::aws-account:user` or `SnykCraEc2Role`\ OR `arn:aws:iam::aws-account:role` or `SnykCraUser`, respectively - * In **Condition.StringEquals.sts:ExternalId** you may use an external ID of your choice, which will be used when the credentials object is provided to the Broker Client. + * In **Condition.StringEquals.sts:ExternalId** you can use an external ID of your choice, which is used when the credentials object is provided to the Broker Client. * To support multiple external IDs, enter a list of IDs in a square brackets.\ Example: `sts:ExternalId: [ 11111111-1111-1111-1111-111111111111, 22222222-2222-2222-2222-222222222222 ]` 5. Update the trust policy. @@ -253,7 +253,7 @@ If the Container Registry Agent needs to access multiple ECR registries found in ## **Step 4: Provide** Snyk ECR Service Role **ARN and external ID to the Broker Client** -In this step, the Role ARN of the SnykEcrServiceRole \_\*\*\_will be used by providing it to the Broker Client. The broker client will pass it to the Container Registry Agent, which will assume it to connect to ECR. +In this step, you use the Role ARN of the SnykEcrServiceRole \_\*\*\_by providing it to the Broker Client. The Broker Client passes it to the Container Registry Agent, which assumes it to connect to ECR. 1. Copy the **Role ARN** key that appears at the top of the **Summary** section of the[ SnykEcrServiceRole](https://console.aws.amazon.com/iam/home?#/roles/SnykEcrServiceRole). 2. When running the Broker Client, provide the following environment variables to allow the Container Registry Agent to access your ECR account. No username and password are needed. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/troubleshooting-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/troubleshooting-broker.md index 8893e783c9c6..651c5259996b 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/troubleshooting-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/troubleshooting-broker.md @@ -25,7 +25,7 @@ By default, the log level of the Broker is set to INFO. All SCM responses, regar To keep the logs concise in normal operation, Snyk produces minimal information on the INFO level, tracking the requests coming from Snyk into the client as well as the downstream request made to the targeted system, Github, Gitlab, JIRA, and so on, and logging the url hit and the response code received.\\ -When you set `LOG_INFO_VERBOSE="true"`, the environment variable will add the headers in these log lines without requiring that you use debug. +When you set `LOG_INFO_VERBOSE="true"`, the environment variable adds the headers in these log lines without requiring that you use debug. {% hint style="warning" %} If you override the default logging, some logs may be provided by other processes such as API requests, and may list credentials. Before you send any Broker logs with increased logging enabled, check for any passwords or tokens and redact them in bulk. @@ -49,7 +49,7 @@ ENV BROKER_HEALTHCHECK_PATH /path/to/healthcheck The Broker Client exposes an endpoint at `/systemcheck`, which can be used to validate the connectivity and credentials of the brokered service, Git or another SCM, or the brokered container registry . This endpoint causes the Broker Client to make a request to a preconfigured URL and report on the success of the request. The supported configuration is: -* `BROKER_CLIENT_VALIDATION_URL` - the URL to which the request will be made. +* `BROKER_CLIENT_VALIDATION_URL` - the URL to which the request is made. * `BROKER_CLIENT_VALIDATION_AUTHORIZATION_HEADER` - \[optional] the `Authorization` header value of the request. Mutually exclusive with `BROKER_CLIENT_VALIDATION_BASIC_AUTH`. * `BROKER_CLIENT_VALIDATION_BASIC_AUTH` - \[optional] the basic auth credentials (`username:password`) to be base64 encoded and placed in the `Authorization` header value of the request. Mutually exclusive with `BROKER_CLIENT_VALIDATION_AUTHORIZATION_HEADER`. * `BROKER_CLIENT_VALIDATION_METHOD` - \[optional] the HTTP method of the request (default is `GET`). @@ -83,7 +83,7 @@ If after running the Broker there is still an error connecting to the on-premise ### Common problems with Standalone Broker -* If there is no log after performing the preceding steps, ensure that the customer has the correct Broker token. If so, ensure that the websocket has been established. Some firewalls will block this +* If there is no log after performing the preceding steps, ensure that the customer has the correct Broker token. If so, ensure that the websocket is established. Some firewalls block this * Review the HTTP code in the request to the on-premise Git. * 404 - Not found - Ensure correct information in the Docker run command. * 401/403 - Check credentials. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/broker-client-url.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/broker-client-url.md index 3059ad64b18c..69d1c86bbfbe 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/broker-client-url.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/broker-client-url.md @@ -1,16 +1,16 @@ # Broker client URL -A webhook from an SCM to Snyk allows the SCM integration to communicate with Snyk. When code is updated, whether the update is to an open-source manifest file or to code files, and the developer creates a pull request, the SCM notifies Snyk through the webhook. +A webhook from an SCM to Snyk lets the SCM integration communicate with Snyk. When code is updated, whether the update is to an open-source manifest file or to code files, and the developer creates a pull request, the SCM notifies Snyk through the webhook. -The webhook can be set to reach out to Snyk directly to indicate that files have changed, and Snyk will request the files through Broker. The SCM then sends those files to Snyk, and Snyk scans for code, security, and license issues based on your integrations and the products you have, and returns a pass/fail determination for the SCM check. +The webhook can be set to reach out to Snyk directly to indicate that files have changed, and Snyk requests the files through Broker. The SCM then sends those files to Snyk, and Snyk scans for code, security, and license issues based on your integrations and the products you have, and returns a pass/fail determination for the SCM check. Sometimes the webhook cannot communicate directly with Snyk because the infrastructure prevents the repository from reaching outside of the private cloud or data center. Then the Broker facilitates the communication, sending notification of changes to the code, sending the request for files to the SCM, and conveying the files to Snyk, which returns the results of the scan. You can then continue work: review the status, ask for more information, see the issues in the PR if you are using the inline comments capability, and view the details in the Snyk portal. The same webhook mechanism is used to facilitate communication when Snyk creates a pull request, for example, when you see an issue in the Snyk interface and use the button to fix the vulnerability. -When you set up a connection, the webhook target endpoint is defined by the value of the `broker_client_url` value. The webhook can point directly to Snyk or to the Broker client container, which will relay the webhook to Snyk. +When you set up a connection, the webhook target endpoint is defined by the value of the `broker_client_url` value. The webhook can point directly to Snyk or to the Broker client container, which relays the webhook to Snyk. -By default, SCM integrations use the regional Snyk API endpoint. For the list of URLs, see [Broker client URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-client-urls). Sometimes, however, your environment may prohibit SCM webhooks from leaving the private cloud or data center. In that case, the webhook and thus the SCM must point to the Snyk Broker container running in your environment. In these cases, the`broker_client_url` has to reflect the hostname and port of the Broker client. +By default, SCM integrations use the regional Snyk API endpoint. For the list of URLs, see [Broker client URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-client-urls). Sometimes, however, your environment might prohibit SCM webhooks from leaving the private cloud or data center. In that case, the webhook and thus the SCM must point to the Snyk Broker container running in your environment. In these cases, the`broker_client_url` has to reflect the hostname and port of the Broker client. Non-SCM integrations, notably the container registries integrations, require the Broker client URL to be the Broker client address. Snyk recommends using a DNS host name, such as `http://my.broker.client`, but you can also use IP addresses (`http://192.168.0.1`). Ensure to append the port, for example, `http://my.broker.client:8000`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/disconnect-and-clean-up.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/disconnect-and-clean-up.md index 7a190306bccf..14f8879d6357 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/disconnect-and-clean-up.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/disconnect-and-clean-up.md @@ -1,17 +1,17 @@ # Disconnect and clean up -The `snyk-broker-config workflows delete` command allows you to remove resources. +The `snyk-broker-config workflows delete` command lets you remove resources. Protections are in place to prevent invalid connection states, so you cannot delete connections that are integrated, and therefore relied upon, by Organizations. You must disconnect the integration before deleting the connection. The `snyk-broker-config workflows connections delete` command walks you through the disconnection steps. -For all resources, you must delete the child items before you can delete a parent, as illustrated in the diagram that follows. A deployment contains connections and credentials references. Connections use credentials references. Each connection may have an integration with one or more Organizations. +For all resources, you must delete the child items before you can delete a parent, as illustrated in the diagram that follows. A deployment contains connections and credentials references. Connections use credentials references. Each connection can have an integration with one or more Organizations. The `snyk-broker-config introduction` command walk you through this flow and indicates what needs to be done to achieve successful deletion. These commands implement and enforce the following rules: * Before you delete a connection, you must disconnect all integrations. -* Before you delete a credentials reference, you must delete the connection(s) using it. +* Before you delete a credentials reference, you must delete the connections using it. * Before you delete a deployment, you must delete all connections and credentials references.

Universal Broker resource data model illustrating child items to delete before parent items

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/prerequisites-for-universal-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/prerequisites-for-universal-broker.md index c1e6576cbe57..9e022a1ef6be 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/prerequisites-for-universal-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/prerequisites-for-universal-broker.md @@ -9,11 +9,11 @@ Using the snyk-broker-config CLI tool is supported on Windows. Before installing the Universal Broker `snyk-broker-config` CLI tool, be sure you have met the following prerequisites. If you need help, contact your Snyk account team. * Minimum client machine system requirements: 1 CPU and 512 MB RAM.\ - Note: If you're performing a high-load import, we would recommend more RAM be allocated. This could be decreased after traffic is lowered. + Note: If you're performing a high-load import, Snyk recommends allocating more RAM. You can decrease this after traffic is lowered. * Network access that is allowed by any firewalls installed on your network: an outbound TLS (443) to `https://broker.snyk.io` AND `https://api.snyk.io` or your [regional Broker URL](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). * A Snyk account and your personal Snyk API token; you cannot use a service account. * Snyk Tenant admin permissions. If you are not a Tenant admin, you can reach out to your team's Tenant admin [to add you](../../../../snyk-platform-administration/groups-and-organizations/tenant/manage-users-in-a-tenant.md). Otherwise, reach out to your support team member or [raise a support case](https://support.snyk.io/s/). -* A new/dedicated Snyk Organization. This will be used to administrate your Broker configurations, and a dedicated Organization will help prevent accidental removal. See [Create an Organization](../../../../snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md#create-an-organization) for details. +* A new/dedicated Snyk Organization. Snyk uses this to administrate your Broker configurations, and a dedicated Organization helps prevent accidental removal. See [Create an Organization](../../../../snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md#create-an-organization) for details. * An SCM token or password. Snyk Broker does not support authentication with the mTLS method. * Node 20 or higher installed. * Docker Compose or Kubernetes installed and configured to pull images from Docker Hub. @@ -30,10 +30,10 @@ Windows * `set SNYK_TOKEN=` * `set TENANT_ID=` -When running the Broker container, you may need to override the Broker server URL to the region where your data is hosted if you are using a region other than SNYK US-01. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls).\ +When running the Broker container, you might need to override the Broker server URL to the region where your data is hosted if you are using a region other than SNYK US-01. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls).\ Example: `-e BROKER_SERVER_URL=https://broker.eu.snyk.io`. -If you are using a different region than SNYK US-01 you should also export the relevant `SNYK_API_HOSTNAME` value into your terminal's environment variables after you install the `snyk-broker-config` CLI tool and before you create your first connection: +If you are using a different region than SNYK US-01, also export the relevant `SNYK_API_HOSTNAME` value into your terminal's environment variables after you install the `snyk-broker-config` CLI tool and before you create your first connection: * `export SNYK_API_HOSTNAME=https://api.REGION.snyk.io` (Linux/Mac) * `set SNYK_API_HOSTNAME=https://api.REGION.snyk.io` (Windows) diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/restart-your-broker-for-a-new-environment-variable.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/restart-your-broker-for-a-new-environment-variable.md index 13a0ee240a1a..b86743696de9 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/restart-your-broker-for-a-new-environment-variable.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/restart-your-broker-for-a-new-environment-variable.md @@ -16,10 +16,10 @@ docker run --restart=always \ snyk/broker:universal ``` -At this point, the Broker will display a message like the following: +At this point, the Broker displays a message like the following: ``` {"name":"my github connection","hostname":"ae7d64e0edac","pid":1,"level":30,"id":"12345678-1234-1234-1234-123456789012","msg":"Connection (my github connection) not in use by any orgs. Will check periodically and create connection when in use.","time":"2024-06-18T20:21:24.382Z","v":0} ``` -In Kubernetes deployments with hot-loaded secrets, when you edit a secret, typically using a vault system or something similar, the values in the secrets are automatically updated into the mounted secret file. This allows the Broker to trigger a reloading while running, hot-loading the new value without needing to restart the container. +In Kubernetes deployments with hot-loaded secrets, when you edit a secret, typically using a vault system or something similar, the values in the secrets are automatically updated into the mounted secret file. This lets the Broker trigger a reloading while running, hot-loading the new value without needing to restart the container. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md index e09bb4b3a942..9d080286f5ee 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md @@ -5,12 +5,12 @@ Ensure you have all of the [prerequisites](prerequisites-for-universal-broker.md * The DEPLOYMENT\_ID, CLIENT\_ID, CLIENT\_SECRET for your Broker Deployment * A credential reference associated with your deployment -* Valid integration credentials required by your connections such as MY\_GITHUB\_TOKEN If references are missing, the connection will not be established, and an error entry will be logged in the Broker client logs. +* Valid integration credentials required by your connections such as MY\_GITHUB\_TOKEN If references are missing, the connection is not established, and Snyk logs an error entry in the Broker client logs. {% endhint %} Run your Broker deployment on your container engine ([Docker Compose](running-your-universal-broker-client.md#docker-compose-example) or [Kubernetes cluster](running-your-universal-broker-client.md#helm)). -If you are not using `app.snyk.io` (for example, if you log into https://app.eu.snyk.io), you will need to target the Broker server for your region by using the following in your Docker run command `-e BROKER_SERVER_URL=https://broker.region.snyk.io \` . For details, visit [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). +If you are not using `app.snyk.io` (for example, if you log into https://app.eu.snyk.io), you must target the Broker server for your region by using the following in your Docker run command `-e BROKER_SERVER_URL=https://broker.region.snyk.io \` . For details, visit [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). ## Docker Compose example diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md index 650fb93a97de..fac963a9f96d 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md @@ -12,7 +12,7 @@ After you have installed the `snyk-broker-config` CLI tool: * Run `snyk-broker-config workflows connections create`. * Create a deployment if none exists, or select a deployment if more than one exists.\ - A single deployment setup will be selected automatically. + Snyk selects a single deployment setup automatically. If you want to create a new deployment: @@ -30,7 +30,7 @@ When you see the messages `Connection created` and `Ready to configure integrati Note that you can start the Broker client before the connection is integrated with any Organization. The Organization integration steps can be done in parallel with the Broker client container running. -If you are adding a connection to a running Broker deployment, the Broker client might take up to two minutes to pick up the new connection. +If you are adding a connection to a running Broker deployment, the Broker client can take up to two minutes to pick up the new connection. {% hint style="info" %} You can learn more about importing a code repository from an SCM into Snyk and creating connections, and more, with the [Universal Broker Snyk Learn ](https://learn.snyk.io/lesson/universal-broker/#3f799f7f-58a9-4225-53fb-9cc5b6913920)course. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md index 5b72bce6e373..b9a553e4fbb0 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md @@ -29,7 +29,7 @@ If you run into issues, you can roll back to the Classic Broker client as long a ## Migrate multiple Organizations -The bulk migration workflow allows you to migrate multiple Organizations at the same time. To do this: +The bulk migration workflow lets you migrate multiple Organizations at the same time. To do this: 1. Create a test connection and integrate it. See steps 1-3 from [Migrating a single Organization](upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md#migrating-a-single-organization). 2. Run `snyk-broker-config workflows bulk-migration list` to see a list of all the Organizations that can be migrated. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/universal-broker-workflow-diagrams.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/universal-broker-workflow-diagrams.md index ea66bac0c9c2..6d5da73940a6 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/universal-broker-workflow-diagrams.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/universal-broker-workflow-diagrams.md @@ -18,4 +18,4 @@ You start the workflow and select a deployment. You create a new connection for You start the workflow and select a deployment. You select an existing connection to integrate with an Organization and enter the Org ID for that Organization. The connection is then integrated with the Organization by Org ID. The connection is ready. -

Integrate a connection with an Organizaton

+

Integrate a connection with an Organization

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/update-the-snyk-broker-client.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/update-the-snyk-broker-client.md index 921f335cbd4b..86f25abe9849 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/update-the-snyk-broker-client.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/update-the-snyk-broker-client.md @@ -1,10 +1,10 @@ # Update the Snyk Broker client -Snyk regularly releases updated versions of the Broker client in order to provide new features, bug fixes, and more. Snyk recommends that you install the updated version of your Broker client regularly to take advantage of bug fixes and new features. +Snyk regularly releases updated versions of the Broker client to provide new features, bug fixes, and more. Snyk recommends that you install the updated version of your Broker client regularly to take advantage of bug fixes and new features. The full list of versions with release notes is available on [Snyk Broker GitHub](https://github.com/snyk/broker/releases). Snyk encourages you to [subscribe to the RSS feed](https://github.com/snyk/broker/releases.atom) for that page to receive information about versions as they are released. The Docker images are released more slowly than the GitHub releases. The `docker pull` command always pulls the most recent image. -Update the Broker client in the same way you installed it initially. Stopping and starting your Broker by itself will not update the version of Broker client that is used +Update the Broker client in the same way you installed it initially. Stopping and starting your Broker by itself does not update the version of Broker client that is used. ## Updating using the Docker method @@ -12,6 +12,6 @@ Run `docker pull snyk/broker:` to pull the latest version of t ## Updating using the Helm method -The specifics will be determined by how you initially installed and ran your Snyk Broker, but running a Helm upgrade\` instead of Helm install\` with the same arguments will pull the latest chart, unless you target a specific chart version. Ensure that you still supply the correct values for your Broker, either by using the `--set :` commands, or by using a YAML file. +The specifics depend on how you initially installed and ran your Snyk Broker, but running a Helm upgrade\` instead of Helm install\` with the same arguments pulls the latest chart, unless you target a specific chart version. Ensure that you still supply the correct values for your Broker, either by using the `--set :` commands, or by using a YAML file. -The Helm Chart targets the latest version of the applicable Broker client and has `imagePullPolicy: Always`, so upgrading to the latest chart will reinitialize the pod and pull the latest version of the client. +The Helm Chart targets the latest version of the applicable Broker client and has `imagePullPolicy: Always`, so upgrading to the latest chart reinitializes the pod and pulls the latest version of the client. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/verifying-broker-image-signatures.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/verifying-broker-image-signatures.md index 0df5973c896c..df7187a98866 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/verifying-broker-image-signatures.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/verifying-broker-image-signatures.md @@ -2,9 +2,9 @@ Beginning with version 4.169.1, all Broker container images are signed using Cosign. -Cosign is the tool for signing and verifying containers. Cosign Includes storage in an Open Container Initiative (OCI) registry. +Cosign is the tool for signing and verifying containers. Cosign includes storage in an Open Container Initiative (OCI) registry. -Cosign is designed to enhance the security of container images by providing a simple and efficient way to sign and verify them. It leverages the concept of digital signatures, with which you sign the container image with your private key, and the recipient can verify your signature using the corresponding public key. +Cosign is designed to enhance the security of container images by providing a simple and efficient way to sign and verify them. It uses the concept of digital signatures, with which you sign the container image with your private key, and the recipient can verify your signature using the corresponding public key. ## Prerequisite for verifying Broker image signatures @@ -14,7 +14,7 @@ You must [install Cosign](https://docs.sigstore.dev/system_config/installation/) To verify the signed image, you must use the built-in `cosign verify` command. -It is not necessary to pull the Broker container image to perform the verification step +It is not necessary to pull the Broker container image to perform the verification step. ``` $ cosign verify --key cosign.pub snyk/broker:4.169.1-github-com diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/README.md b/platform-administration/snyk-platform-administration/groups-and-organizations/README.md index 6a7af4f79f97..3dac849125d2 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/README.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/README.md @@ -2,13 +2,13 @@ ## The Snyk hierarchy -Snyk has a hierarchy that allows you to control access to Snyk scanning and features. +Snyk has a hierarchy that lets you control access to Snyk scanning and features.

The Snyk hierarchy for Enterprise plans

-* **Account:** Users must log in to their Snyk account to scan and view or modify any settings and scan +* **Account:** Users must log in to their Snyk account to scan and view or modify any settings and scan. * [**Tenants**](tenant/): A Tenant encompasses the entire Snyk workspace of your company, team, and individual users. You have one Tenant that encompasses all your Snyk work items: Groups, Organizations, Targets, Projects, and all their adjacent entities, for example, Snyk features, Tags, Collections, and so on. -* [**Groups**](groups/): A Group encompasses your entire base of Snyk users. You have at least one Snyk Group. Large companies may have multiple Groups with multiple Organizations. +* [**Groups**](groups/): A Group encompasses your entire base of Snyk users. You have at least one Snyk Group. Large companies can have multiple Groups with multiple Organizations. * [**Organizations**](organizations/): An Organization represents a specific area, such as a team, in your business. Organizations can contain multiple Projects. * [**Targets**:](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/glossary#target) A Target represents the external resource that Snyk scans, like a repository. One Target can relate to multiple Projects. For example, a Target `https://github.com/examplesnyk/example` contains the Projects `package.json` and `Dockerfile.` * [**Projects**](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects)**:** A Project is established based on the item that Snyk scans for issues, such as a manifest file. Each Project shows the results of scans. You can configure your Projects to define how to scan for issues in that Project. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/group-and-organization-settings.md b/platform-administration/snyk-platform-administration/groups-and-organizations/group-and-organization-settings.md index c1d5704bb159..75814e10a8e3 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/group-and-organization-settings.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/group-and-organization-settings.md @@ -24,7 +24,7 @@ At the Organization level, select **Settings** to manage Organization settings a * **Integrations**: Set up integrations and see a list of those configured for your Organization; click the name of the configured integration to see the details. See [Integrate with Snyk](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk) for information about available Snyk integrations. * **Snyk Open Source**: Enable Reachable vulnerabilities analysis and edit language settings; see [Snyk Open Source - supported languages and package managers](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/supported-languages/supported-languages-package-managers-and-frameworks) for details. * **Snyk Code**: Enable Snyk Code; see the [Snyk Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code) documentation for details. -* **Snyk IaC:** Enable Snyk Iac, detecting configuration files, and rules. Select severity levels for configurations scanned. See the [IaC ](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac/scan-your-iac-source-code)documentation for details. +* **Snyk IaC:** Enable Snyk IaC, detecting configuration files, and rules. Select severity levels for configurations scanned. See the [IaC ](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac/scan-your-iac-source-code)documentation for details. * **Usage**: See the [Usage settings](usage-settings.md) page for details. * **Notifications**: See the [Manage notifications](../manage-notifications.md) page for details. * **Snyk Preview**: See the [Snyk Preview page](../snyk-preview.md) for details. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/README.md b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/README.md index 865927fea936..b915385d7cc8 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/README.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/README.md @@ -40,7 +40,7 @@ You can [view dependencies](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/preve ### Group Policies -With Policies, you can easily automate the process of adding business context and receiving notifications. +With Policies, you can automate the process of adding business context and receiving notifications. After a policy is created, it is run in a maximum of 3 hours after creation, then once every 3 hours. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/configure-session-length-for-a-snyk-group.md b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/configure-session-length-for-a-snyk-group.md index 31e542d89794..18ec3dd0c0ee 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/configure-session-length-for-a-snyk-group.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/configure-session-length-for-a-snyk-group.md @@ -2,7 +2,7 @@ By default, inactive logged-in users are automatically logged out after 24 hours to protect any account from being exposed inadvertently through user inactivity. -Group admins can change the default session length to any value from five minutes to 30 days. +Group admins can change the default session length to any value from 5 minutes to 30 days. {% hint style="info" %} Users who belong to multiple Groups are always logged out automatically after the shortest time configured for any of those Groups. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/group-general-settings.md b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/group-general-settings.md index c2375b34536e..30f2a0f7bddd 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/group-general-settings.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/group-general-settings.md @@ -6,12 +6,12 @@ To view and modify settings for your Group, navigate to **Settings** > **General In the Group general settings, you can view and modify the following: -* **Group name**: View or modify the name of the group as displayed in the Snyk Web UI. -* **Group ID**: View and copy the unique ID for this Group. You will need this ID when using the [Snyk API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). +* **Group name**: View or modify the name of the Group as displayed in the Snyk Web UI. +* **Group ID**: View and copy the unique ID for this Group. You need this ID when using the [Snyk API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). * **Session expiration**: By default, users are logged out of Snyk after 24 hours of inactivity. You can change the session expiration time for your Group. For details, see [Configure session length for a Snyk Group](configure-session-length-for-a-snyk-group.md) in the user management documentation. * **Requesting access**: Enable to allow users without access to a Snyk Organization to request access. * This is possible only for users who have registered with Snyk and are trying to reach the URL of a specific Project in the Organization, such as from a pull request. * This restriction reduces the risk of someone guessing the URL of your Organization. * The value set is used as the default for any new Organizations but does not override the **Requesting access** setting for existing Snyk Organizations. * For more details, see [Enable the Request Access setting](../organizations/requests-for-access-to-an-organization.md#enable-the-request-access-setting) in the documentation of requests for access to an Organization. -* **Project test frequency**: Set the default test frequency for any new Projects created in this Group. Note that Changing the **Project test frequency** setting will not affect the default test frequency of [Snyk Infrastructure as Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac/scan-your-iac-source-code) or [Snyk Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code) Projects. The default for both of these is weekly. +* **Project test frequency**: Set the default test frequency for any new Projects created in this Group. Note that changing the **Project test frequency** setting does not affect the default test frequency of [Snyk Infrastructure as Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac/scan-your-iac-source-code) or [Snyk Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code) Projects. The default for both of these is weekly. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/manage-users-in-a-group.md b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/manage-users-in-a-group.md index 587f5c992e40..a87404a3e400 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/manage-users-in-a-group.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/manage-users-in-a-group.md @@ -42,7 +42,7 @@ A Group Member can have different roles in different Organizations. You can filt

Group member details

-Users with the Group Admin role have access to all Organizations in that Group, with the same access level as the Organization Admin role in these Organizations. You cannot change the role of a Group admin in a specific Organization, or delete a Group admin from one or more Organizations. However, you can remove a Group Admin from the Group using the **Remove from group** option +Users with the Group Admin role have access to all Organizations in that Group, with the same access level as the Organization Admin role in these Organizations. You cannot change the role of a Group admin in a specific Organization, or delete a Group admin from one or more Organizations. However, you can remove a Group Admin from the Group using the **Remove from group** option. ## Promote a Group Member to a Group Admin diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/README.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/README.md index ab2c86c5df58..959e333711f3 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/README.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/README.md @@ -8,6 +8,6 @@ When you sign up with Snyk, you have a default Organization in your Enterprise G You can create an Organization or join an Organization by invitation. On the **Free** and **Team** plans, you can create up to five Organizations in your Tenant. On the **Enterprise** plan, you can create an unlimited number of Organizations. -If you have more than one Organization, you can switch between Organizations in the Snyk WebUI or using the CLI. For more details, visit [Manage Organizations](create-and-delete-organizations.md)**.** +If you have more than one Organization, you can switch between Organizations in the Snyk Web UI or using the CLI. For more details, visit [Manage Organizations](create-and-delete-organizations.md)**.** -Snyk sends notifications about newly disclosed vulnerabilities by Organization, You can turn notifications on or off for each Organization. +Snyk sends notifications about newly disclosed vulnerabilities by Organization. You can turn notifications on or off for each Organization. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md index 231ff7c1f51a..4dd2a42d6fd0 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md @@ -19,7 +19,7 @@ Follow these steps to create an Organization: 2\. Enter a name for the new Organization. Consider using a structured naming convention to identify your Organizations. {% hint style="info" %} -It is highly recommended to enter a unique name for the new Organization. +Snyk recommends that you enter a unique name for the new Organization. {% endhint %} 3\. From the dropdown list, select an Organization from which to copy all settings and integrations. @@ -44,7 +44,7 @@ Follow these steps to delete an Organization: 2\. After the selected Organization appears, click **Org Settings** on the Group menu. -3\. On the **Settings** page, select **Genera**l on the menu. +3\. On the **Settings** page, select **General** on the menu. 4\. Scroll down to the **Delete organization** section and click **Delete organization**: diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md index c2ef641d2c16..eaf7e2a856cf 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md @@ -3,7 +3,7 @@ In the **Organization** where you want to manage users, select the **Members** menu option. {% hint style="info" %} -You must have the permissions required to perform these tasks. For details, see [Pre-defined user roles](../../user-roles/pre-defined-roles.md) for a list of permissions. +You must have the required permissions to perform these tasks. For a list of permissions, see [Pre-defined user roles](../../user-roles/pre-defined-roles.md). {% endhint %} ## Add users @@ -17,7 +17,7 @@ You can do the following on the **Add members** screen: * Select **Invite new members** to send an email invitation to a new user. Enter the email addresses of users to invite, separated by commas, and click **Send invite**. * Select **Add existing members** to add existing members of your Group to the Organization. Select the users when prompted and click **Invite members.** * For Free plan users only:\ - Select **Invite by link** to send a link; click **Copy link** and send the link yourself. Note that an invite link expires after 48 hours. + Select **Invite by link** to send a link. Click **Copy link** and send the link yourself. Note that an invite link expires after 48 hours. * Use the **New members join as** dropdown to define the default role of a user when joining, such as **Org admin**. For details, see [Manage permissions](../../user-roles/pre-defined-roles.md). For a demonstration of adding users, view this video: @@ -43,7 +43,7 @@ To change the role of a user, click on the **Role** entry for the member and use

Select new role

{% hint style="warning" %} -For Enterprise plan customers who create custom roles, Snyk prevents users from assigning roles to other users who have more privileges. If you try to update a role, invite a new user, or add an existing user with a role that has more privileges than you have, you will see the error **Cannot assign higher privilege role**. +For Enterprise plan customers who create custom roles, Snyk prevents users from assigning roles to other users who have more privileges. If you try to update a role, invite a new user, or add an existing user with a role that has more privileges than you have, you see the error **Cannot assign higher privilege role**. {% endhint %} ## Delete Organization members diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/organization-general-settings.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/organization-general-settings.md index a73e29019b96..aab47a711d79 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/organization-general-settings.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/organization-general-settings.md @@ -1,16 +1,16 @@ # Organization general settings -To view and modify settings for your Organization, be sure you are in your Organization and navigate to **Settings** > **General**: +To view and modify settings for your Organization, ensure you are in your Organization and navigate to **Settings** > **General**:

Organization general settings

In the Organization general settings, you can view and modify the following: -* **Organization name**: Set the display name for this Organization. For example, you may want to change the default initial Organization display name to reflect better the work that Organization relates to. Note that changing the Organization display name does not change the URL displayed in the browser bar or the internal name used by the CLI. To fully change the name, [create a new Organization](https://app.snyk.io/create-organisation) with the desired name. -* **Organization API key:** View or copy the Organization API key. [Service accounts](../../../implementation-and-setup/enterprise-setup/service-accounts/) require an API key (token) to substitute for standard user credentials. Click the **Manage Service accounts** button to set up details for service accounts. -* **Organization ID**: View or copy the Organization ID, which is the internal ID for the Organization, generated automatically when each Organization is created. This ID uniquely identifies this Organization and is required when you use the [Snyk API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). These Organization identification details are generated automatically by Snyk for each Organization when it is created. +* **Organization name**: Set the display name for this Organization. For example, you might want to change the default initial Organization display name to reflect better the work that Organization relates to. Note that changing the Organization display name does not change the URL displayed in the browser bar or the internal name used by the CLI. To fully change the name, [create a new Organization](https://app.snyk.io/create-organisation) with the name you want. +* **Organization API key:** View or copy the Organization API key. [Service accounts](../../../implementation-and-setup/enterprise-setup/service-accounts/) require an API key (token) to substitute for standard user credentials. Click **Manage Service accounts** to set up details for service accounts. +* **Organization ID**: View or copy the Organization ID, which is the internal ID for the Organization. Snyk generates this ID automatically when each Organization is created. This ID uniquely identifies this Organization and is required when you use the [Snyk API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). * **Ignores**: Define Organization-wide ignore settings. You can choose from the following options: - * **Ability to ignore an issue, or edit the ignore settings on an issue** **through the Snyk app or API** + * **Ability to ignore an issue, or edit the ignore settings on an issue** **through the Snyk Web UI or API** * `Admin users only` * `All users in any environment` * **Ability to ignore issues through the CLI or `.snyk` file** @@ -20,8 +20,8 @@ In the Organization general settings, you can view and modify the following: * `Required (only applies to ignores in the Snyk app, not the CLI or API)` * `Not required` * See [Configure Ignore settings](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues#configure-ignore-settings) in the Ignore issues documentation for more details. -* **Requesting access**: Enable to allow users without access to this Snyk Organization to request access. This includes external users. For more details, see [Enable the request for access setting](requests-for-access-to-an-organization.md#enable-the-request-access-setting) in the documentation of requests for access to an Organization. -* **Leave Organization**: Leave this Organization. You will lose access to the Projects and notifications for that Organization. +* **Requesting access**: Enable this setting to allow users without access to this Snyk Organization to request access. This includes external users. For more details, see [Enable the request for access setting](requests-for-access-to-an-organization.md#enable-the-request-access-setting) in the documentation of requests for access to an Organization. +* **Leave Organization**: Leave this Organization. You lose access to the Projects and notifications for that Organization. * **Delete Organization**: Delete this Organization to remove it entirely from Snyk, including all of its Projects and their historical data. See [Delete an Organization](create-and-delete-organizations.md#delete-an-organization) in the Manage Organizations documentation for details. For more information about Organization settings, see [Manage Organizations](create-and-delete-organizations.md). diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/set-your-preferred-organization.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/set-your-preferred-organization.md index daa8c3ff5939..26aeb088b517 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/set-your-preferred-organization.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/set-your-preferred-organization.md @@ -18,6 +18,6 @@ Follow these steps to change your Preferred Organization:

Change your Preferred Organization

-3\. Click the **Update Preferred Org** button to save your new setting. +3\. Click **Update Preferred Org** to save your new setting. The Organization you selected as your **Preferred Organization** is displayed when you log in to your Snyk account and used by default for the test count when you scan using the CLI. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/switch-between-groups-and-organizations.md b/platform-administration/snyk-platform-administration/groups-and-organizations/switch-between-groups-and-organizations.md index 430e4eb0019a..0d60a91342f6 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/switch-between-groups-and-organizations.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/switch-between-groups-and-organizations.md @@ -1,6 +1,6 @@ # Switch between Groups and Organizations -Snyk shows your preferred Organization by default when you log into the Snyk Web UI. Snyk also uses the settings for your preferred Organization when you test a Project using the CLI. For more information, see [Manage Organizations](organizations/create-and-delete-organizations.md). +Snyk shows your preferred Organization by default when you log in to the Snyk Web UI. Snyk also uses the settings for your preferred Organization when you test a Project using the CLI. For more information, see [Manage Organizations](organizations/create-and-delete-organizations.md). ## Switch Group @@ -13,7 +13,7 @@ To view or add to your personal Organizations, select **Ungrouped**. ## Switch Organization in the Web UI {% hint style="warning" %} -If your SSO email is provided by Google, then logging in with that email through the Google social provider is not the same as logging in using SSO. Using the Google social option creates a separate free account with the standard free user privileges. You can not switch between Organizations that are in different accounts. +If your SSO email is provided by Google, then logging in with that email through the Google social provider is not the same as logging in using SSO. Using the Google social option creates a separate free account with the standard free user privileges. You cannot switch between Organizations that are in different accounts. {% endhint %} You must also be aware of the Organization you are viewing. Organizations contain different Projects. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/tenant/README.md b/platform-administration/snyk-platform-administration/groups-and-organizations/tenant/README.md index 2e78267b3448..c2af1fbf648d 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/tenant/README.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/tenant/README.md @@ -8,7 +8,7 @@ Some Tenant features, such as Snyk Analytics, are available only for Enterprise A Tenant is the top level of the Snyk hierarchy. It encompasses all your Groups and Organizations and all their corresponding Snyk work items. The Tenant is helpful in organizing access and reporting on the platform when you are a large Enterprise with multiple Groups. -At the Tenant level, you can manage access to features that work across your entire Snyk estate, such as [Snyk Analytics](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics) and Members, which allows you to manage users. +At the Tenant level, you can manage access to features that work across your entire Snyk estate, such as [Snyk Analytics](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics) and Members, which lets you manage users. Tenant-level roles include **Tenant Admin**, **Tenant Viewer**, and **Tenant Member**. For more information, see [Pre-defined roles](../../user-roles/pre-defined-roles.md#role-types). @@ -25,7 +25,7 @@ If you are a member of more than one Tenant, you can switch between them by sele In the Snyk 2.0 UI, you can navigate between different levels of your account (Tenant, Group, and Organization) using the scope selector at the top of the page. When you select a scope, the side menu automatically displays the relevant tools and data for that area. -Snyk 2.0 introduces UI enhancements to the platform navigation and is available in Early Access. This is being rolled out gradually, so not all users see the new navigation at the same time +Snyk 2.0 introduces UI enhancements to the platform navigation and is available in Early Access. Snyk is rolling this out gradually, so not all users see the new navigation at the same time. If you are an existing user, you can switch between the new and classic navigation at any time using the toggle in your user profile menu. For more information, visit [Snyk 2.0 platform improvements](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/snyk-2.0-platform-improvements). {% endhint %} diff --git a/platform-administration/snyk-platform-administration/manage-notifications.md b/platform-administration/snyk-platform-administration/manage-notifications.md index e86525356b50..fa8ff7d874ff 100644 --- a/platform-administration/snyk-platform-administration/manage-notifications.md +++ b/platform-administration/snyk-platform-administration/manage-notifications.md @@ -1,6 +1,6 @@ # Manage notifications -Snyk notifies you automatically when new issues are found in the Projects you are monitoring to alert you to new possible new risks in these Projects. +Snyk notifies you automatically when it finds new issues in the Projects you are monitoring, to alert you to possible new risks in these Projects. ## How notifications are sent @@ -25,7 +25,7 @@ Setting a Project to inactive does not stop Snyk from sending notifications. You {% hint style="info" %} **FedRAMP environment notifications**\ -Both [issue alert emails](manage-notifications.md#group-defaults-for-issue-alert-emails) and [weekly report emails](manage-notifications.md#group-defaults-for-weekly-report-emails) are disabled for FedRAMP environments. Their notification settings may be hidden from the page. +Both [issue alert emails](manage-notifications.md#group-defaults-for-issue-alert-emails) and [weekly report emails](manage-notifications.md#group-defaults-for-weekly-report-emails) are disabled for FedRAMP environments. Their notification settings might be hidden from the page. {% endhint %} ## How to manage notifications @@ -62,8 +62,8 @@ To set the defaults for issue alert emails: 1. Check the **Vulnerabilities** box when users of new Organizations in this Group should receive alert emails by default for new issues or remediations for all Projects in a new Organization. 2. Check the **License Violations** box when users of new Organizations in this Group should receive alert emails for new license issues or remediations for all Projects in a new Organization. -3. If either the **Vulnerabilities** or **License Violations** boxes are checked, indicate the severity of issues for which Snyk should send alert emails by selecting **All severities** or **Critical and high severity** from the drop-down list. -4. To change the default for individual organizations, change the **Vulnerabilities**, **License Violations,** and **Severity** settings next to the Organization name. These settings apply for any individual user who has not updated personal notifications when you create new Organizations in this Group. +3. If either the **Vulnerabilities** or **License Violations** boxes are checked, indicate the severity of issues for which Snyk sends alert emails by selecting **All severities** or **Critical and high severity** from the dropdown list. +4. To change the default for individual Organizations, change the **Vulnerabilities**, **License Violations,** and **Severity** settings next to the Organization name. These settings apply for any individual user who has not updated personal notifications when you create new Organizations in this Group. #### Group defaults for weekly report emails @@ -72,7 +72,7 @@ Weekly report emails are notifications Snyk sends to provide a summary of the vu To set the defaults for weekly report emails: * Check the **Email notifications** box when users of new Organizations in this Group should receive a weekly summary email. -* To change the defaults for individual Organizations, clear or check the box next to the Organization name. The defaults will apply for new Organizations created in this Group. +* To change the defaults for individual Organizations, clear or check the box next to the Organization name. The defaults apply for new Organizations created in this Group. {% hint style="info" %} Individual Projects cannot be excluded from Weekly reports. They can be excluded only from Issue Alert emails, and new vulnerabilities or remediations. @@ -85,7 +85,7 @@ Usage alert emails are notifications Snyk sends to warn you when you are approac To set the defaults for usage alerts: * Check the **Email notifications** box when users of new Organizations in this Group should receive usage alert emails. -* To change the defaults for individual Organizations, clear or check the box next to the Organization name. The defaults will apply for new Organizations created in this Group. +* To change the defaults for individual Organizations, clear or check the box next to the Organization name. The defaults apply for new Organizations created in this Group. ### Define Organization notification defaults @@ -112,7 +112,7 @@ To set the defaults for issue alert emails: * Clear the **On** box to turn off issue alert emails for new Projects imported into this Organization. Check the box when new Projects in this Organization should receive the defined alerts. * Check the **Vulnerabilities** box to set the default for all Projects in this Organization to generate alert emails for new issues or remediations. * Check the **License violations** box to set the default for all Projects in this Organization to generate alert emails for new license issues or remediations. -* If either the **Vulnerabilities** or **License violations** boxes are checked, indicate the severity of issues for which Snyk should send alert emails by selecting **All severities** or **Critical and high severity** from the drop-down Projects list. +* If either the **Vulnerabilities** or **License violations** boxes are checked, indicate the severity of issues for which Snyk sends alert emails by selecting **All severities** or **Critical and high severity** from the dropdown Projects list. #### Organization defaults for weekly report emails @@ -137,17 +137,17 @@ To override these settings, change your notification preferences:

Notification settings at the Account level

-The Account Settings page allows you to change the types of notifications for each Organization to which you belong. You can also customize the notifications for individual Projects. +The Account Settings page lets you change the types of notifications for each Organization to which you belong. You can also customize the notifications for individual Projects. ### Preferences for issue alert emails -Issue alert emails are notifications Snyk sends the day it finds a new vulnerability license issue, or remediation. +Issue alert emails are notifications Snyk sends the day it finds a new vulnerability, license issue, or remediation. To customize your settings for issue alert emails for each Organization for which you are a member: * Check the **Vulnerabilities** box to receive alert emails for new issues or remediations for all Projects in the Organization. * Check the **Licenses** box for Open Source to receive alert emails for new license issues for all Projects in the Organization. -* If either the **Vulnerabilities** or **Licenses** boxes are checked, indicate the severity of issues for which Snyk should send alert emails by selecting **All severities** or **Critical and high severity** from the drop-down list. +* If either the **Vulnerabilities** or **Licenses** boxes are checked, indicate the severity of issues for which Snyk sends alert emails by selecting **All severities** or **Critical and high severity** from the dropdown list. To customize your settings for individual Projects: diff --git a/platform-administration/snyk-platform-administration/user-management-with-the-api/provision-users-to-organizations-using-the-api.md b/platform-administration/snyk-platform-administration/user-management-with-the-api/provision-users-to-organizations-using-the-api.md index ec4c6069f969..9c4a7175116c 100644 --- a/platform-administration/snyk-platform-administration/user-management-with-the-api/provision-users-to-organizations-using-the-api.md +++ b/platform-administration/snyk-platform-administration/user-management-with-the-api/provision-users-to-organizations-using-the-api.md @@ -1,8 +1,8 @@ # Provision users to Organizations using the API -The Provision user endpoints allow you to organize and grant permissions to your single sign-on users before the users log in to the Snyk platform. The endpoints are [Provision a user to the organizaton](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision), [List pending user provisions](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision-1), and [Delete pending user provision](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision-2). +The Provision user endpoints let you organize and grant permissions to your single sign-on users before the users log in to the Snyk platform. The endpoints are [Provision a user to the organizaton](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision), [List pending user provisions](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision-1), and [Delete pending user provision](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision-2). -Provisioned users do not need to accept invites. When provisioned users first log in to Snyk, they will have all their permissions. You can use the endpoint [Provision a user to the organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision) to add users to Organizations at scale before their first login. +Provisioned users do not need to accept invites. When provisioned users first log in to Snyk, they have all their permissions. You can use the endpoint [Provision a user to the organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision) to add users to Organizations at scale before their first login. ## Prerequisites for provisioning users using the API diff --git a/platform-administration/snyk-platform-administration/user-management-with-the-api/remove-members-from-groups-and-orgs-using-the-api.md b/platform-administration/snyk-platform-administration/user-management-with-the-api/remove-members-from-groups-and-orgs-using-the-api.md index b9936dfdad8b..e2b38050fef7 100644 --- a/platform-administration/snyk-platform-administration/user-management-with-the-api/remove-members-from-groups-and-orgs-using-the-api.md +++ b/platform-administration/snyk-platform-administration/user-management-with-the-api/remove-members-from-groups-and-orgs-using-the-api.md @@ -22,7 +22,7 @@ For each user, call the endpoint to remove that member from the Organization usi For a successful request, the response is `200 OK`. -Look at the Organization members page to verify that the member has been removed. +Look at the Organization members page to verify that Snyk removed the member. {% hint style="info" %} When a member is removed from an Organization, if the Organization is a part of a Group, the user continues to exist in the Group as a Group Member. To completely remove the user from the Group, follow the steps in the next section. @@ -62,7 +62,7 @@ For each user, to remove that member from the Group, call the endpoint using the For a successful request, the response is `200 OK`. -Look at the Group members page to verify the user has been removed. +Look at the Group members page to verify that Snyk removed the user. {% hint style="info" %} When a member is removed from a Group, the user continues to exist in Snyk. To completely delete all data associated with the user, follow the step in the next section. @@ -82,5 +82,5 @@ You can find the `{sso_id}` on the Snyk Web UI; navigate to **Group** > **Settin For a successful request, the response is `200 OK`. -Use the following request to verify the member has been deleted.\ +Use the following request to verify that Snyk deleted the member.\ `GET https://api.snyk.io/v1/user/userId` diff --git a/platform-administration/snyk-platform-administration/user-roles/README.md b/platform-administration/snyk-platform-administration/user-roles/README.md index b7fa6fda461e..cb9830a89f7f 100644 --- a/platform-administration/snyk-platform-administration/user-roles/README.md +++ b/platform-administration/snyk-platform-administration/user-roles/README.md @@ -3,7 +3,7 @@ {% hint style="info" %} **Feature availability** -The Snyk free subscription plan allows you to send up to 200 pending invitations every seven days and has only administrator roles. +The Snyk free subscription plan lets you send up to 200 pending invitations every seven days and has only administrator roles. Enterprise plans have administrators, viewers, collaborators, and custom roles. diff --git a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/README.md b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/README.md index 31e65a61844f..e5e6349b8b61 100644 --- a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/README.md +++ b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/README.md @@ -20,5 +20,5 @@ You can use these templates to create your own custom roles that fit into and re * [Snyk Learn - Learning Admin](snyk-learn-learning-admin.md) {% hint style="warning" %} -If you create a Group level custom role that enables creation of new Organizations, you must include the **Add Organizations** and **View Groups** permissions. When enabled, the user with that custom role will be able to see the **Create organization** button when switching Organizations in the Web UI. +If you create a Group level custom role that enables creation of new Organizations, you must include the **Add Organizations** and **View Groups** permissions. When enabled, the user with that custom role can see **Create organization** when switching Organizations in the Web UI. {% endhint %} diff --git a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/cli-tester-role-template.md b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/cli-tester-role-template.md index 5475f1e9fdf9..dc236c00f967 100644 --- a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/cli-tester-role-template.md +++ b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/cli-tester-role-template.md @@ -1,6 +1,6 @@ # CLI Tester role template -This Organization-level role allows service accounts in CI/CD pipelines to run basic Snyk CLI commands. The role grants permissions to run `snyk test` to check Projects for vulnerabilities and `snyk monitor` to send snapshots to the Snyk UI. +This Organization-level role lets service accounts in CI/CD pipelines run basic Snyk CLI commands. The role grants permissions to run `snyk test` to check Projects for vulnerabilities and `snyk monitor` to send snapshots to the Snyk UI. This role does not include permissions to manage pull requests. If your CI/CD pipeline updates pull request (PR) statuses or interacts with source control manager (SCM) checks, use the Developer role template. diff --git a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/developer-role-template.md b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/developer-role-template.md index 0c2f24d71e88..1eb748ef7c10 100644 --- a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/developer-role-template.md +++ b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/developer-role-template.md @@ -1,8 +1,8 @@ # Developer role template -This Organization-level role enables review of scan results, fixing issues, and initiating Project tests. Users with this role can view Organizations and Projects. +With this Organization-level role, users can review scan results, fix issues, and start Project tests. Users with this role can view Organizations and Projects. -Often, when deploying Snyk, developers may have the ability to override Snyk PR checks, but this permission can be revoked after developers are comfortable using the Snyk IDE extensions and start fixing issues earlier in the SDLC. Similarly, you may start by allowing developers to add Projects and then limit that permission to a Team Lead. +Often, when deploying Snyk, developers can override Snyk PR checks, but you can revoke this permission after developers are comfortable using the Snyk IDE extensions and start fixing issues earlier in the SDLC. Similarly, you can start by allowing developers to add Projects and then limit that permission to a Team Lead. ## Group-level permissions diff --git a/platform-administration/snyk-platform-administration/user-roles/pre-defined-roles.md b/platform-administration/snyk-platform-administration/user-roles/pre-defined-roles.md index 9e6a0465211c..ef11b99f2807 100644 --- a/platform-administration/snyk-platform-administration/user-roles/pre-defined-roles.md +++ b/platform-administration/snyk-platform-administration/user-roles/pre-defined-roles.md @@ -6,7 +6,7 @@ The pre-defined roles Snyk provides are as follows: * **Organization Admin:** the standard role equivalent for Team Leads. Users with this role can add and delete Projects, override Snyk checks, and provision Group members with an Organization-level role. This role and the associated permissions supersede Group Member role restrictions. * **Organization Collaborator:** the standard role equivalent for Developers. This role is ideal for small teams or a developer-first organizational approach. -* **Group Admin:** the standard role equivalent for the person in your company who oversees Snyk use at a high level, providing a full set of permissions at the Group and Organization level. This also means that a Group Admin is automatically an Organization Admin to all Organizations that sit under the Group, although they will not be visible in an Organization level list. +* **Group Admin:** the standard role equivalent for the person in your company who oversees Snyk use at a high level, providing a full set of permissions at the Group and Organization level. This also means that a Group Admin is automatically an Organization Admin to all Organizations that sit under the Group, although they are not visible in an Organization level list. * **Group Viewer:** a user who can access the Group level but requires Organization-level permissions to take actions in Snyk. This is normally used as a starting point during onboarding with Snyk to understand functions tied to Group permissions and design a custom Group role for post-deployment use. * **Group Member:** a non-functional user role added to your environment as a transition from Group Viewer if you do not yet wish to create a custom role after onboarding with Snyk. This means the permissions granted can vary depending on your requirements, as discussed with your Snyk contacts. Select the named role from the list under Manage Members in the Snyk Web UI to check the permissions assigned to your Group Member role. * **Tenant Admin**: a user who can access all Tenant products and settings. This role is reserved for account owners and admins only. diff --git a/platform-administration/snyk-platform-administration/user-roles/user-role-management.md b/platform-administration/snyk-platform-administration/user-roles/user-role-management.md index d4230a1e6064..4c18f2eadfc7 100644 --- a/platform-administration/snyk-platform-administration/user-roles/user-role-management.md +++ b/platform-administration/snyk-platform-administration/user-roles/user-role-management.md @@ -6,7 +6,7 @@ Managing user roles is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -Snyk Manage roles functionality enables you to manage pre-defined and custom roles, allowing you to create and enforce set permissions for roles that reflect the users and functions in your Organization. +The Manage roles functionality in Snyk lets you manage pre-defined and custom roles, so you can create and enforce set permissions for roles that reflect the users and functions in your Organization. Under **Manage roles**, you can: @@ -35,7 +35,7 @@ For more information, see [User management with the API](../user-management-with You can create, edit, duplicate, and delete custom roles, granting your users the exact permissions they need to do their jobs across the Snyk platform. This ensures the right people have the right access to the right resources at the right time, maximizing transparency and reducing risk. -You will find [pre-defined roles](pre-defined-roles.md) such as **Organization Admin** and **Organization Collaborator** listed under your Group. These roles can be selected to view their associated permissions, but permissions cannot be added, edited, or removed. Pre-defined role permissions can be duplicated to act as a starting point for any custom role creation. +You can find [pre-defined roles](pre-defined-roles.md) such as **Organization Admin** and **Organization Collaborator** listed under your Group. You can select these roles to view their associated permissions, but you cannot add, edit, or remove permissions. Pre-defined role permissions can be duplicated to act as a starting point for any custom role creation. ## Create a custom role @@ -45,7 +45,7 @@ Click the **Create new role** button and enter the **New role name**, **Role Typ

Create a custom Organization-level role

-If you would like to continue, you can click the **Create role** button. Basic details about the role are visible in the top section of the **Role details** screen. +To continue, click **Create role**. Basic details about the role are visible in the top section of the **Role details** screen.

Role Details for a custom role

@@ -85,7 +85,7 @@ To copy a role, use the **Duplicate** button next to each role in the Member Rol

Duplicate a role using the Duplicate role button under Role Details

-A Duplicate role pop-up will appear, prompting you to enter a unique name and description. You can select the option to use the description from the role you copied from, but this can be edited later. Click the **Duplicate Role** button to proceed with creation. A **Group Admin** or a custom role with **Role management** permissions can edit this role to assign new permissions to it or remove any permissions already assigned. +A Duplicate role pop-up appears, prompting you to enter a unique name and description. You can select the option to use the description from the role you copied from, but this can be edited later. Click the **Duplicate Role** button to proceed with creation. A **Group Admin** or a custom role with **Role management** permissions can edit this role to assign new permissions to it or remove any permissions already assigned.

Duplicate role creation

@@ -127,7 +127,7 @@ Click **Add members** > **Invite new members** and select the role to assign fro Click the **Add members** button > **Add existing members** to promote current Group Members to an Organization-specific role. {% hint style="warning" %} -Snyk prevents users from assigning roles to others with more privileges than those the user who is assigning roles already has. If you try to update the role of a member, invite a new member, or add an existing member with a role that has more privileges than you have, you will see the error **Cannot assign higher privilege role**. +Snyk prevents users from assigning roles to others with more privileges than those the user who is assigning roles already has. If you try to update the role of a member, invite a new member, or add an existing member with a role that has more privileges than you have, you see the error **Cannot assign higher privilege role**. {% endhint %} ### Assign roles to service accounts