SnykPublished on July 21st, 2021
In order to use the Backstage Snyk plugin with Roadie, you must securely provide Roadie with an API token which it can use to access the Snyk API.
Connect Roadie to Snyk
To get an API token, you need to sign up for a Snyk account. Within this account, you will need to obtain three things:
- API token
- Organization Name
- Project ID
This can be found by clicking your name in the top right-hand corner and going to General Settings.
This can be found under the settings page that is visible when you login to Snyk.
This can be found under the Projects tab. It will be used to link snyk projects to backstage.
Step 1: Add the token to Roadie
Click the pencil icon beside
SNYK_TOKEN. Enter it into the input in the dialog that pops up (See above for retrieving token).
Wait a few moments for the secret to be applied.
Step 2: Add the Snyk annotation to a component
Using the Snyk UI, find a Snyk project which you would like to associate with a component in Roadie (see above for retrieving ID.
Copy the name from the Project settings
catalog-info.yaml for the component you wish to associate with this Snyk project and add the
apiVersion: backstage.io/v1alpha1 kind: Component metadata: name: sample-service description: Sample service annotations: snyk.io/org-name: <Your organization> snyk.io/project-ids: <Your Project ID>
Commit and push this change and Roadie should pick it up within a few minutes.