snyk-watcher icon indicating copy to clipboard operation
snyk-watcher copied to clipboard

Published 20 hours ago verified publisher icon twilio-labs

Metadata

How does it work?

Snyk-Watcher listens for webhooks to trigger events. It watches the main branch for the following events from Github:

  • Repository - Created, Deleted, Renamed
  • Pull Request - All

For the pull request webhooks, Snyk-Watcher will only try to import a project if it has been merged to main.

Installation

Snyk-Watcher runs completely standalone in a Docker container. We've included a docker-compose file to make it easy to build.

  1. Clone this repository.

  2. Build the container:

    docker-compose build

  3. Start Snyk-Watcher:

    docker-compose up

    You can verify that Snyk-Watcher is running by navigating to:

    localhost:8000/healthcheck

  4. In GitHub, go to the GitHub Apps developer setting and click New GitHub App.

  5. Enter the following values in the Register new GitHub App form:

    • GitHub App name: Snyk-Watcher
    • Webhook URL: {server}/github/webhook
    • Secret: {a highly random string}

  6. Give Snyk-Watcher access to the following Repository permissions:

    • Repository Administration (Read-only)
    • Metadata (Read-only)
    • Pull requests (Read-only)

  7. Subscribe to the following events:

    • Pull request
    • Repository

  8. Provide the Snyk-Watcher container your GitHub and Snyk tokens in these two environment variables:

    • SECRET_GITHUB_SECRET
    • SECRET_SNYK_API_TOKEN

  9. Test Snyk-Watcher by adding a new repository, then looking in the app’s advanced settings to see if the request was successful.

Limitations

  • At this time, Snyk-Watcher has been tested only with GitHub and GitHub Enterprise.
  • Snyk-Watcher does not have access to your code and does not make any changes to your GitHub organization or repositories.

Metadata

20
Stars
9
Forks
Watchers

Owner

verified publisher icon twilio-labs

Metadata

Back