Simplify Network Broker config generation instructions #2418
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Don't forget to add
|
| Name | Link |
|---|---|
| 🔨 Latest commit | db96c29 |
| 🔍 Latest deploy log | https://app.netlify.com/projects/semgrep-docs-prod/deploys/692f602d4f6fc40008fb18ab |
| 😎 Deploy Preview | https://deploy-preview-2418--semgrep-docs-prod.netlify.app |
| 📱 Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify project configuration.
matthewdean-semgrep
requested review from
armchairlinguist,
khorne3,
semgrep-jamie and
stuartcmehrens
khorne3
approved these changes
Dec 3, 2025
Collaborator
khorne3
left a comment
khorne3
left a comment
There was a problem hiding this comment.
Just some nits. Thank you!
| token: GITLAB_PAT | ||
| ``` | ||
| 1. Log in to the Semgrep AppSec platform and navigate to **Settings > Broker**. |
Collaborator
There was a problem hiding this comment.
Suggested change
| 1. Log in to the Semgrep AppSec platform and navigate to **Settings > Broker**. | |
| 1. Sign in to Semgrep AppSec platform and navigate to **Settings > Broker**. |
| ``` | ||
| 1. Log in to the Semgrep AppSec platform and navigate to **Settings > Broker**. | ||
| 2. Copy the starting config into a `config.yaml` file. It should look similar to this: |
Collaborator
There was a problem hiding this comment.
Suggested change
| 2. Copy the starting config into a `config.yaml` file. It should look similar to this: | |
| 2. Create a `config.yaml` file that contains the following starting configuration: |
| ``` | ||
|
|
||
| #### Add your local address to the config | ||
| 1. Convert your organization ID to hexadecimal. The organization ID is found in Semgrep AppSec Platform under [**Settings > General > Identifiers**](https://semgrep.dev/orgs/-/settings/general/identifiers) in Semgrep AppSec Platform. This is sometimes also called a deployment ID. You can use a tool such as [Decimal to Hexadecimal converter](https://www.rapidtables.com/convert/number/decimal-to-hex.html) to perform the conversion if needed. |
Collaborator
There was a problem hiding this comment.
Suggested change
| 1. Convert your organization ID to hexadecimal. The organization ID is found in Semgrep AppSec Platform under [**Settings > General > Identifiers**](https://semgrep.dev/orgs/-/settings/general/identifiers) in Semgrep AppSec Platform. This is sometimes also called a deployment ID. You can use a tool such as [Decimal to Hexadecimal converter](https://www.rapidtables.com/convert/number/decimal-to-hex.html) to perform the conversion if needed. | |
| 1. Convert your organization ID to hexadecimal. The organization ID is found in Semgrep AppSec Platform under [**Settings > General > Identifiers**](https://semgrep.dev/orgs/-/settings/general/identifiers). This value is sometimes called a deployment ID. You can use a tool such as [Decimal to Hexadecimal converter](https://www.rapidtables.com/convert/number/decimal-to-hex.html) to perform the conversion if needed. |
| 1. Update the `config.yaml` file by replacing `YOUR_PRIVATE_KEY` with the value of your private key. | ||
| 1. Add your public key to the Semgrep AppSec Platform: | ||
| ### 2. Generate and store your private key | ||
| * Network Broker requires a WireGuard keypair to establish a secure connection. To generate your private key: |
Collaborator
There was a problem hiding this comment.
Suggested change
| * Network Broker requires a WireGuard keypair to establish a secure connection. To generate your private key: | |
| The Network Broker requires a WireGuard keypair to establish a secure connection. To generate your private key: |
| 1. Determine the [Network Broker version](https://github.com/semgrep/semgrep-network-broker/pkgs/container/semgrep-network-broker) you want to use. The format should be similar to `v0.36.0`. Most users should use the latest version, especially when setting up the broker for the first time. | ||
| 2. Run the following command in your terminal to generate your private key, replacing the placeholder with the Network Broker version number: | ||
| <pre class="language-console"><code>docker run ghcr.io/semgrep/semgrep-network-broker:<span className="placeholder">VERSION_NUMBER</span> genkey</code></pre> | ||
| 3. Store your private key in the config file by adding a `privateKey` field under `wireguard` section with its value set to the key you just generated. |
Collaborator
There was a problem hiding this comment.
Suggested change
| 3. Store your private key in the config file by adding a `privateKey` field under `wireguard` section with its value set to the key you just generated. | |
| 3. Store your private key in the config file by adding a `privateKey` field under `wireguard` section with its value set to the key you generated. |
|
|
||
| ### Update the config with your SCM information | ||
| ### 5. Update the config with your SCM information | ||
| 1. Update the `config.yaml` by replacing the SCM information containing `YOUR_BASE_URL` with your SCM and its base URL for Azure DevOps, GitHub, GitLab, or Bitbucket Data Center. |
Collaborator
There was a problem hiding this comment.
Suggested change
| 1. Update the `config.yaml` by replacing the SCM information containing `YOUR_BASE_URL` with your SCM and its base URL for Azure DevOps, GitHub, GitLab, or Bitbucket Data Center. | |
| Update the `config.yaml` by replacing the SCM information containing `YOUR_BASE_URL` with your SCM and its base URL for Azure DevOps, GitHub, GitLab, or Bitbucket Data Center. |
|
|
||
| ### Start the broker | ||
| #### Multiple configuration files | ||
| You can overlay multiple configuration files on top of each other by passing multiple `-c` arguments: |
Collaborator
There was a problem hiding this comment.
Suggested change
| You can overlay multiple configuration files on top of each other by passing multiple `-c` arguments: | |
| You can overlay multiple configuration files by passing multiple `-c` arguments: |
|
|
||
| ### Add your local address to the config | ||
| ### 6. Start the Network Broker | ||
| i. Run the following command to start Semgrep Network Broker with your completed configuration file: |
Collaborator
There was a problem hiding this comment.
Suggested change
| i. Run the following command to start Semgrep Network Broker with your completed configuration file: | |
| Run the following command to start Semgrep Network Broker with your completed configuration file: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The docs were written before we provided a starter config and before Network Broker supported fetching information like public key from DNS records. This updates the instructions for >v0.25.0 to omit unnecessary fields and streamline the setup. Note that this does create a dependence from Broker on DNS which previously did not exist so we want to carefully assess this change in recommendations.
As a side effect, this buries the explanation of how to manually generate Broker local addresses under the legacy section which is hidden by default.