Giter Site home page Giter Site logo

backstage-plugin-snyk's Introduction

Snyk Backstage Plugin

Inactively Maintained

This repository is in maintenance mode, no new features are being developed. Bug & security fixes will continue to be delivered. Open source contributions are welcome for small features & fixes (no breaking changes)

The Snyk plugin displays security details from snyk.io.

Snyk Tab

Getting started

Requirements: Snyk API enabled (Paid plans only)

  1. Install plugin
# packages/app
yarn add --cwd packages/app backstage-plugin-snyk
  1. Add plugin to the app
// packages/app/src/App.tsx
import { EntitySnykContent } from 'backstage-plugin-snyk';

....

<FlatRoutes>
...
<Route path="/snyk" element={<EntitySnykContent />}/>
...
</FlatRoutes>
  1. Add Snyk card and tab to the entity page The plugin is composed of 2 main parts
  • Snyk tile on the entity overview page
  • Security tab in the entity displaying further details

a. Import the elements

// packages/app/src/components/catalog/EntityPage.tsx
import { SnykOverview, EntitySnykContent, isSnykAvailable } from 'backstage-plugin-snyk';

b. Add the overview card

Overview card

// packages/app/src/components/catalog/EntityPage.tsx
const entityWarningContent = (
  <>
    ...
    <EntitySwitch>
      <EntitySwitch.Case if={isSnykAvailable}>
        <Grid item md={6}>
          <SnykOverview />
        </Grid>
      </EntitySwitch.Case>
    </EntitySwitch>
    ...
  </>
);

c. Add the tab (feel free to rename title to Security, snyk, vulns, whatever you think is best)

const ServiceEntityPage = (
  <EntityLayoutWrapper>
   ...
    <EntityLayout.Route path="/snyk" title="Security">
      <EntitySnykContent />
    </EntityLayout.Route>
   ...
  </EntityLayoutWrapper>
);
  1. Add snyk proxy config to app-config.yaml file at the root directory. If using Snyk self hosted, adjust target to https://YOURHOSTNAME/api. User Agent helps us see how much API traffic comes from backstage setups so we can invest more in the plugin !
proxy:
  ...

  '/snyk':
    target: https://api.snyk.io/
    headers:
      User-Agent: tech-services/backstage-plugin/1.0
      Authorization: token ${SNYK_TOKEN}
  ...

Optional if using Snyk in other regions (not using app.snyk.io), set the hostname you're seeing in your address bar

snyk:
  AppHost: app.eu.snyk.io
  1. Get your Snyk token (a service account with Viewer permission at your group level is preferred) and provide SNYK_TOKEN env var with the value ""
export SNYK_TOKEN="123-123-123-123"
  1. Add this following annotation to your entities.
  • snyk.io/org-id is the ID of the Snyk organization where your project is. You can find the ID in the Organization Settings in the Snyk dashboard.
  1. Then add one or more than one of the following annotations to your entities.
  • snyk.io/target-id specify a single target by name or ID. Target ID will avoid an API call and be therefore faster. Use this API endpoint to get the Target IDs.
  • snyk.io/targets specify one or more targets, by name or ID. Target ID will avoid an API call and be therefore faster. Use this API endpoint to get the Target IDs.
  • snyk.io/project-ids are the project ID (see slug in url or ID in project settings) If multiple projects (like multiple package.json or pom files, add them with increasing number), add them comma separated
  • snyk.io/exclude-project-ids to exclude specific projects you might not want. ....

Example:

apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
  name: goof
  description: Goof
  annotations:
    snyk.io/org-id: 361fd3c0-41d4-4ea4-ba77-09bb17890967
    snyk.io/targets: Snyk Demo/java-goof,508d2263-ea8a-4e42-bc9d-844de21f4172
    snyk.io/target-id: aarlaud-snyk/github-stats
    snyk.io/project-ids: 7439e322-f9c1-4c42-8367-002b33b9d946,db066cb9-b373-46da-b918-b49b541e0d63
    snyk.io/exclude-project-ids: 4737fc9c-3894-40ba-9dc5-aa8ae658c9f6,38e02916-0cf7-4927-ba98-06afae9fef36
spec:
  type: service
  lifecycle: production
  owner: guest
  ....

Some more examples can be found in here

Migration steps from version 1.x to 2.x

  • Update the proxy target to not contain /v1

Troubleshooting

'/snyk':
    target: https://api.snyk.io/
    headers:
      User-Agent: tech-services/backstage-plugin/1.0
      Authorization:
        $env: SNYK_TOKEN
    pathRewrite:
      '^/proxy/snyk/': '/'

Limitations

Infrastructure as Code and Snyk Code projects are not supported currently.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.