Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion platform-administration/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ You can manage users and permissions in your Groups. For details, see [Manage us

### Manage Tenant, Groups, and Organizations

Snyk groups and organizations help to maintain collaboration across teams. For details, see [Tenant, Groups, and Organizations](snyk-platform-administration/groups-and-organizations/).
Snyk Groups and Organizations help to maintain collaboration across teams. For details, see [Tenant, Groups, and Organizations](snyk-platform-administration/groups-and-organizations/).

### Define notifications

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@

PR Checks for Bitbucket Server integrations require Bitbucket Server version 7.4 and above, or Bitbucket Data Center version 8 or above.\
\
When using a brokered connection, Snyk Broker version 5.4.9 and above is required.
When using a brokered connection, you must use Snyk Broker version 5.4.9 and above.
{% endhint %}

Review the general instructions for the installation method you plan to use, [Helm](../install-and-configure-broker-using-helm.md) or [Docker](../install-and-configure-broker-using-docker.md).

Before installing the Bitbucket Server/Data Center Broker, ensure your Snyk account team provides you with a Broker token.

Docker or an equivalent method is required to run Docker Linux containers. Some Docker setups for Windows only support Windows containers. Ensure your deployment can run Linux containers.
You must have Docker or an equivalent method to run Docker Linux containers. Some Docker setups for Windows support only Windows containers. Ensure your deployment can run Linux containers.

After you meet all the prerequisites, you can continue with the steps to install using [Docker](bitbucket-server-data-center-install-and-configure-using-docker.md) or [Helm](bitbucket-server-data-center-install-and-configure-using-helm.md).
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@ Before installing, review the [prerequisites](./) and the general instructions f

This integration is useful to ensure a secure connection with your on-premise Bitbucket deployment.

This page describes two distinct authentication schemes: using [Basic Auth](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-basic-auth) and [using an API token](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-an-api-token). Your Bitbucket Server settings might preclude Basic Auth usage, in which case Bearer Auth is preferred.
This page describes two distinct authentication schemes: using [Basic Auth](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-basic-auth) and [using an API token](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-an-api-token). Your Bitbucket Server settings might preclude use of Basic Auth, in which case Bearer Auth is preferred.

## Configure Broker to be used with Bitbucket using Basic Auth

The following explains how to configure Snyk Broker to use the Broker Client with a Bitbucket Server deployment.

To use the Snyk Broker Client with BitBucket, run `docker pull snyk/broker:bitbucket-server`. Refer to [BitBucket Server/Data Center - environment variables](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) for Snyk Broker for definitions of the environment variables.
To use the Snyk Broker Client with Bitbucket, run `docker pull snyk/broker:bitbucket-server`. Refer to [BitBucket Server/Data Center - environment variables](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) for Snyk Broker for definitions of the environment variables.

If necessary, navigate to the [Advanced configuration page](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Bitbucket instance is using a private certificate, and setting up [proxy support](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md).

Expand Down Expand Up @@ -48,7 +48,7 @@ Snyk Essentials is set by default to **`false`**. Enable it by setting the flag

The following explains how to configure Snyk Broker to use the Broker Client with a Bitbucket Server deployment using an API token.

To use the Snyk Broker Client with BitBucket, **run** `docker pull snyk/broker:bitbucket-server-bearer-auth`. For definitions of the environment variables, refer to [Bitbucket Server/Data Center - environment variables for Snyk Broker Basic Auth](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) and [Bitbucket Server/Data Center - environment variables for Snyk Broker Personal Access Token (PAT)](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md).
To use the Snyk Broker Client with Bitbucket, **run** `docker pull snyk/broker:bitbucket-server-bearer-auth`. For definitions of the environment variables, refer to [Bitbucket Server/Data Center - environment variables for Snyk Broker Basic Auth](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) and [Bitbucket Server/Data Center - environment variables for Snyk Broker Personal Access Token (PAT)](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md).

If necessary, go to the [Advanced configuration page](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Bitbucket instance is using a private certificate, and setting up [proxy support](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md).

Expand Down Expand Up @@ -79,9 +79,9 @@ Snyk Essentials is set by default to `false`. Enable it by setting the flag to `

Paste the Broker Client configuration to start the Broker Client container.

Once the container is up, the Bitbucket Integrations page shows the connection to Bitbucket, and you can `Add Projects`
After the container is up, the Bitbucket Integrations page shows the connection to Bitbucket, and you can `Add Projects`.

## Basic troubleshooting for Broker with BitBucket
## Basic troubleshooting for Broker with Bitbucket

* Run `docker logs <container id>` to look for any errors, where `container id` is the Bitbucket Broker container ID.
* Ensure relevant ports are exposed to Bitbucket.
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Copy the following command to set up a fully configured Broker Client to analyze

{% hint style="info" %}
**Multi-tenant settings for regions**\
When installing, you must add a command in your script to set the `BROKER_SERVER_URL`.This is the URL of the Broker server for the region where your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls).
When installing, you must add a command in your script to set the `BROKER_SERVER_URL`. This is the URL of the Broker server for the region where your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls).
{% endhint %}

```bash
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Install and configure Broker using Docker

{% hint style="info" %}
[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags will be enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration.
[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags are enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration.
{% endhint %}

{% hint style="info" %}
Expand All @@ -21,7 +21,7 @@ The following pages explain how to install these special integrations.

* [GitHub](github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md)
* [GitHub Enterprise](github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-docker.md)
* [Bitbucket Server/Data Centre](bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md)
* [Bitbucket Server/Data Center](bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md)
* [Gitlab](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md)
* [Azure Repos](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md)
* [JFrog Artifactory Repository](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md)
Expand All @@ -31,7 +31,7 @@ The following pages explain how to install these special integrations.

You can customize the configuration using the environment variables in the Docker images. For this reason, install separate, multiple instances of the Broker Client for different integration types to ensure proper configuration as well as redundancy.

You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects once you are connected.
You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects after you are connected.

## Advanced configuration using Docker

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Install and configure Broker using Helm

{% hint style="info" %}
[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags will be enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration.
[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags are enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration.
{% endhint %}

{% hint style="info" %}
Expand All @@ -22,7 +22,7 @@ When you set up Snyk Broker for use in regions other than the default, additiona

## Install using the Snyk Broker Helm Chart

The Helm chart does not manage connectivity, and thus, you will be responsible for managing [ingress](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md) in the Kubernetes cluster.
The Helm chart does not manage connectivity, so you are responsible for managing [ingress](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md) in the Kubernetes cluster.

To use this chart, you must first add the Snyk Broker Helm Chart by adding the repo:

Expand All @@ -48,7 +48,7 @@ Beginning with version 2.0.0, all created objects have a suffix based on the rel

Additional commands are available to install [Snyk Broker - Container Registry Agent](../../../../implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/), needed to connect to Container Registries; `scmType`: `container-registry-agent`\\

You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects once you are connected.
You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects after you are connected.

## Advanced configuration using Helm

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ For code repository (SCM) integrations, you can generate a Broker token by using
1. Use the endpoint [Update Existing Integration](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/integrations-v1#org-orgid-integrations-type) to enable Snyk Broker for a specific Organization and a specific SCM. Follow the example under "Set up a broker for an existing integration." This generates a Broker token in the UI.
2. To generate a Broker token programmatically after enabling Snyk Broker, use the endpoint [Provision new Broker token](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/integrations-v1#org-orgid-integrations-integrationid-authentication-provision-token) to generate a Broker token.\
You can see the generated Broker token in the API response body and on the Web UI.
3. Verify the Broker token is generated in the Snyk Web UI under the specified SCM integration. by selecting **Settings** > **Integrations** for that specific integration to see the Broker token.
3. Verify the Broker token is generated in the Snyk Web UI under the specified SCM integration by selecting **Settings** > **Integrations** for that specific integration to see the Broker token.
4. After generating the Broker token, copy and save it and store it in a secure location for future use, or obtain it later using the Web UI.

## **Generate a Broker token in the Web UI**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ A deployment can support multiple connections of any type, as shown in the diagr

<figure><img src="../../../.gitbook/assets/image 5 (6).png" alt=""><figcaption><p>Universal Broker deployment example</p></figcaption></figure>

Connections are integrated with Organizations to provide access to your private resources for the appropriate Snyk Organization(s). These Organizations can be in the same or different Snyk Groups.
Connections are integrated with Organizations to provide access to your private resources for the appropriate Snyk Organizations. These Organizations can be in the same or different Snyk Groups.

In the diagram, Group 1 includes Organizations A through D, and Group 2 includes Organizations E and F.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ You can share credentials references across connections by selecting a credentia

After the connection is created, run `snyk-broker-config workflows connections integrate` and select the desired deployment and connection. Then enter the Organization ID for the Organization with which you want to integrate. For details, see [Integrate a connection with an Organization](../../../implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md#integrate-a-connection-with-an-organization).

If you integrate a connection already integrated with an Organization, the previous integration will be lost in favor of the new one. Be sure to paste the correct Organization ID.
If you integrate a connection already integrated with an Organization, the previous integration is lost in favor of the new one. Be sure to paste the correct Organization ID.
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ A typical workflow for adding a new Broker connection using the CLI involves the
snyk-broker-config workflows connections create
```

The CLI will then guide you through the process, prompting for:
The CLI then guides you through the process, prompting for:

* Your Snyk API Token, required for authentication if you did not already export it as an environment variable.
* The Snyk Organization ID where the Broker connection is used.
Expand Down Expand Up @@ -95,7 +95,7 @@ You will need them to run your Broker Client.
Have you saved these credentials? (Y/N)
```

The tool displays the credentials for the Broker App just installed. Be sure to store these safely like any other credentials. This is the only time the client secret will be displayed. If you lose these credentials, you must either delete and recreate the Snyk Broker Admin Organization and start over, or use the API to reinstall Universal Broker manually.
The tool displays the credentials for the Broker App just installed. Be sure to store these safely like any other credentials. This is the only time the client secret is displayed. If you lose these credentials, you must either delete and recreate the Snyk Broker Admin Organization and start over, or use the API to reinstall Universal Broker manually.

* When you have saved your credentials, type Y and press Enter.

Expand Down
Loading