Skip to content

twilio-labs/snyk-watcher

Repository files navigation

How does it work?

Snyk-Watcher listens for webhooks to trigger events. It watches the main branch for the following events from Github:

  • Repository - Created, Deleted, Renamed
  • Pull Request - All

For the pull request webhooks, Snyk-Watcher will only try to import a project if it has been merged to main.

Installation

Snyk-Watcher runs completely standalone in a Docker container. We've included a docker-compose file to make it easy to build.

  1. Clone this repository.

  2. Build the container:

    docker-compose build

  3. Start Snyk-Watcher:

    docker-compose up

    You can verify that Snyk-Watcher is running by navigating to:

    localhost:8000/healthcheck

  4. In GitHub, go to the GitHub Apps developer setting and click New GitHub App.

  5. Enter the following values in the Register new GitHub App form:

    • GitHub App name: Snyk-Watcher
    • Webhook URL: {server}/github/webhook
    • Secret: {a highly random string}
  6. Give Snyk-Watcher access to the following Repository permissions:

    • Repository Administration (Read-only)
    • Metadata (Read-only)
    • Pull requests (Read-only)
  7. Subscribe to the following events:

    • Pull request
    • Repository
  8. Provide the Snyk-Watcher container your GitHub and Snyk tokens in these two environment variables:

    • SECRET_GITHUB_SECRET
    • SECRET_SNYK_API_TOKEN
  9. Test Snyk-Watcher by adding a new repository, then looking in the app’s advanced settings to see if the request was successful.

Limitations

  • At this time, Snyk-Watcher has been tested only with GitHub and GitHub Enterprise.
  • Snyk-Watcher does not have access to your code and does not make any changes to your GitHub organization or repositories.

About

No description, website, or topics provided.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •