GITBOOK-7171: Custom PR template, Broker use Accept env variable+App …

…vulns in Container
snyk · May 23, 2024 · 68b2043 · 68b2043
1 parent 11eb873
commit 68b2043
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 102 deletions.
diff --git a/...ner-works/application-vulnerabilities-in-snyk-container-and-snyk-open-source.md b/...ner-works/application-vulnerabilities-in-snyk-container-and-snyk-open-source.md
@@ -7,5 +7,5 @@ The results from the Snyk Container application vulnerability feature and Snyk O
 However, results can vary significantly depending on the ecosystem and how the developer builds the application. An application in a container is a compiled application. So, in some ecosystems, Snyk Open Source can scan a more detailed manifest and thus build a more accurate dependency graph:
 
 * **`golang` Projects for Snyk Containers**: Snyk does not have access to the list of dependencies as in Snyk Open Source. Therefore, Snyk Container reverse parses binaries, and the result differs slightly from Snyk Open Source.
-* **`npm` packages as Snyk Containers**: Snyk can access the list of dependencies. To avoid false positives introduced by globally installed packages, the container image scan ignores `/usr` and `/opt`. The result is generally the same as in Snyk Open Source. For details, see [Open Source and licensing](../../../getting-started/supported-languages-and-frameworks/javascript/#open-source-and-licensing).
+* **`npm` packages as Snyk Containers**: Snyk can access the list of dependencies. The result is generally the same as in Snyk Open Source. For details, see [Open Source and licensing](../../../getting-started/supported-languages-and-frameworks/javascript/#open-source-and-licensing).
 * **`java` applications for Snyk Containers**: In Open Source, it is possible to include unmanaged jars (see [Scan all unmanaged jar files](../../../snyk-cli/test-for-vulnerabilities/scan-all-unmanaged-jar-files.md)). Thus the result is different from Snyk Container. With Snyk Container, the scan traverses all the jars Snyk finds in the image (see [Detecting application vulnerabilities in container images](../../../scan-with-snyk/snyk-container/use-snyk-container-from-the-web-ui/detect-application-vulnerabilities-in-container-images.md)). In addition, there are multiple ways to build a jar, affecting how Snyk Container finds the dependencies.
diff --git a/...fix-pull-or-merge-requests/customize-pr-templates/apply-a-custom-pr-template.md b/...fix-pull-or-merge-requests/customize-pr-templates/apply-a-custom-pr-template.md
@@ -69,111 +69,14 @@ You can manually upload the YAML file with the name  `snyk_pull_request_template
 
 If you want to use a custom template for multiple repositories, add the YAML custom template file to each of these repositories.
 
-## Broker configurations for fetching custom PR templates
-
-If you use  [Snyk Broker](../../../../enterprise-configuration/snyk-broker/), you must allow access to these file locations in the `accept.json` configuration of your Broker client. The following describes the additional rules that should be added for each Git integration.
-
-### GitHub and GitHub Enterprise
-
-Under the list of `private` rules add the following input. For more information, see the Broker installation instructions for [GitHub](../../../../enterprise-configuration/snyk-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/) and [GitHub Enterprise.](../../../../enterprise-configuration/snyk-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/)
-
-```json
-{
-  "//": "used to get custom pull request template",
-  "method": "GET",
-  "path": "/repos/:name/:repo/contents/.github/snyk_pull_request_template.yaml",
-  "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"
-},
-{
-  "//": "used to get custom pull request template",
-  "method": "GET",
-  "path": "/repos/:name/:repo/contents/.github%2Fsnyk_pull_request_template.yaml",
-  "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}"
-}
-```
+## Broker configuration for fetching custom PR templates
 
-### Azure repositories
-
-Under the list of `private` rules, add the following two elements to the existing `valid.values` array for file content. For more information, see the Broker installation instructions for [Azure repositories](../../../../enterprise-configuration/snyk-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/).
-
-```json
-{
-  "//": "get file content. restrict by file types",
-  "method": "GET",
-  "path": "/:owner/_apis/git/repositories/:repo/items",
-  "origin": "https://${AZURE_REPOS_HOST}/${AZURE_REPOS_ORG}",
-  "valid": [
-    {
-      "queryParam": "path",
-      "values": [
-        "**/.azuredevops/snyk_pull_request_template.yaml",
-        "**%2F.azuredevops%2Fsnyk_pull_request_template.yaml",
-}
-```
+If you use  [Snyk Broker](../../../../enterprise-configuration/snyk-broker/), you must use a Broker at version 4.188.0 or higher and enable the Broker to fetch the custom PR templates using the`ACCEPT_CUSTOM_PR_TEMPLATES` environment variable.
 
-### BitBucket Server
-
-Under the list of `private` rules, add the following input. For more information, see the Broker installation instructions for [Bitbucket Server/Data Center](../../../../enterprise-configuration/snyk-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/).
-
-```json
-{
-  "//": "used to get custom pull request template",
-  "method": "GET",
-  "path": "/projects/:project/repos/:repo/browse*/snyk_pull_request_template.yaml",
-  "origin": "https://${BITBUCKET_API}",
-  "auth": {
-    "scheme": "basic",
-    "username": "${BITBUCKET_USERNAME}",
-    "password": "${BITBUCKET_PASSWORD}"
-  }
-},
-{
-  "//": "used to get custom pull request template",
-  "method": "GET",
-  "path": "/projects/:project/repos/:repo/browse*%2Fsnyk_pull_request_template.yaml",
-  "origin": "https://${BITBUCKET_API}",
-  "auth": {
-    "scheme": "basic",
-    "username": "${BITBUCKET_USERNAME}",
-    "password": "${BITBUCKET_PASSWORD}"
-  }
-}
-```
+To do this, you must remove `ACCEPT=/path/to/custom.json` and add the following environment variable to your Broker container or deployment:
 
-### GitLab
-
-Under the list of `private` rules, add the following input. For more information, the Broker installation instructions for [GitLab](../../../../enterprise-configuration/snyk-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/).
-
-```json
-{
-  "//": "used to get custom pull request template",
-  "method": "GET",
-  "path": "/api/v4/projects/:project/repository/files*/snyk_pull_request_template.yaml",
-  "origin": "https://${GITLAB}"
-},
-{
-  "//": "used to get custom pull request template",
-  "method": "GET",
-  "path": "/api/v4/projects/:project/repository/files*%2Fsnyk_pull_request_template.yaml",
-  "origin": "https://${GITLAB}"
-}
 ```
-
-If you use GitLab v3, add the following two elements to the existing `valid.values` array for file content:
-
-```json
-{
-  "//": "used to determine the full dependency tree for v3 protocol",
-  "method": "GET",
-  "path": "/api/v3/projects/:project/repository/files",
-  "origin": "https://${GITLAB}",
-  "valid": [
-    {
-      "queryParam": "file_path",
-      "values": [
-        "**/.config/snyk_pull_request_template.yaml",
-        "**%2F.config%2Fsnyk_pull_request_template.yaml",
-}
+ACCEPT_CUSTOM_PR_TEMPLATES=true
 ```
 
 [^1]: