Published on July 21st, 2021


In order to use the Backstage Snyk plugin with Roadie, you must securely provide Roadie with an API token which it can use to access the Snyk API.

Connect Roadie to Snyk

To get an API token, you need to sign up for a Snyk account. Within this account, you will need to obtain the following:

  • API token
  • Organization Name

API Token

This can be found by clicking your name in the top right-hand corner and going to General Settings.

API token for Snyk.

Organization Name

This can be found under the settings page that is visible when you login to Snyk.

Organization Name Snyk.

Step 1: Add the token to Roadie


Click the pencil icon beside SNYK_TOKEN. Enter it into the input in the dialog that pops up (See above for retrieving token).

a dialog box with an input called Secret Value. The Snyk token is pasted inside.

Click Save.

Wait a few moments for the secret to be applied.

Step 2: Add the Organization name to Roadie

Components need annotation set in order to work properly. Setting the correct organisation name will automatically retrieve organization id and use it as a value for this annotation. This means you will not have to add a annotation manually for each component but it will be internally retrieved by Roadie using your organisation name.

You can set this up in Settings page:


A text field with snyk org name.

Step 3: Add the relevant Snyk annotations to a component

To configure the Snyk plugin to target the correct entity, you need to configure few annotations to it.

The first one is which identifies your Snyk organization. As described in the Step 2, if you add organisation name, you will not need to add this annotation manually to the files. However, you can also find this value under the settings page that is visible when you login to Snyk.

Organization Name Snyk.

Additionally, the Snyk plugin uses annotation to automatically match projects from GitHub to their corresponding Snyk targets.

For cases where it is not possible to use the GitHub, you can also use annotation. Unfortunately, Snyk doesn’t provide a UI currently to identify Target Ids but you can find them by inspecting the network requests on the Snyk Projects pages.

Edit the catalog-info.yaml for the component you wish to associate with this Snyk project and add the and annotation.

kind: Component
  name: sample-service
  description: Sample service
  annotations: <You Snyk organization id> <Your GitHub repository> <Your Target ID>

Commit and push this change and Roadie should pick it up within a few minutes.


  1. Snyk integration docs