plugin-scaffolder-backend-module-snyk
Welcome to the plugin-scaffolder-backend-module-snyk
custom action!
This contains one action: snyk:import-projects
The snyk:import-projects
action allows the task to automatically import repositories into Snyk so that they are monitored for vulnerabilities. It uses the Snyk API and requires paid plan.
Setup to work with GitHub, GH Enterprise, Bitbucket Cloud and Azure Repos.
Getting started
Create your Backstage application using the Backstage CLI as described here: https://backstage.io/docs/getting-started/create-an-app
Note: If you are using this plugin in a Backstage monorepo that contains the code for
@backstage/plugin-scaffolder-backend
, you need to modify your internal build processes to transpile files from thenode_modules
folder as well.
You need to configure the action in your backend:
From your Backstage root directory
cd packages/backend
yarn add @ma11hewthomas/plugin-scaffolder-backend-module-snyk
Configure the action: (you can check the docs to see all options):
// packages/backend/src/plugins/scaffolder.ts
---
import { ScmIntegrations } from '@backstage/integration';
import { snykImportProjectAction } from '@ma11hewthomas/plugin-scaffolder-backend-module-snyk';
export default async function createPlugin(
env: PluginEnvironment,
): Promise<Router> {
const catalogClient = new CatalogClient({
discoveryApi: env.discovery,
});
const integrations = ScmIntegrations.fromConfig(env.config);
const builtInActions = createBuiltinActions({
integrations,
catalogClient,
config: env.config,
reader: env.reader,
});
const actions = [...builtInActions, snykImportProjectAction()];
return await createRouter({
actions,
logger: env.logger,
config: env.config,
database: env.database,
reader: env.reader,
catalogClient,
});
}
Authorization
In order to use plugin-scaffolder-backend-module-snyk
, you must provide an API token which it can use to access the Snyk API.
Get your Snyk API token (Admin permission is required to import projects) and provide SNYK_TOKEN env var with the value "token "
export SNYK_TOKEN="token 123-123-123-123"
Example of using
---
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
name: debug
title: debug
description: Template for debugging
tags:
- debug
spec:
owner: MatthewThomas
type: debug
steps:
- id: template
name: Snyk import projects
action: snyk:import-projects
input:
repoOwner: Ma11thewThomas
repoName: matthew-thomas-backstage-plugins
repoBranchName: main
snykOrganizationId: your-org-id
snykIntegrationId: your-integration-id
This action is typically used after the publish action, but can be used on its own.
You can visit the /create/actions
route in your Backstage application to find out more about the parameters this action accepts when it's installed to configure how you like.