Skip to main content

How to install a Scanning Agent

Learn how to install Snyk API & Web Scanning Agent

Written by Martim Valente

The Scanning Agent lets you scan your internal applications with minimal changes to network and security configurations. You can learn more about the Scanning Agent in this article on how to scan internal applications with a Scanning Agent.

Installing the Scanning Agent involves two steps:

  1. Create the Scanning Agent Token in Snyk API & Web account.

  2. Install the Scanning Agent on your network.

This article describes these steps in detail.

Prerequisites

Before you begin, ensure you have the following:

  • An active Snyk API & Web account with permissions to create Scanning Agents.

  • The minimal System Resources and the specific Network Requirements as listed in the Farcaster Agent GitHub Repository README.

Step one: Create the Scanning Agent Token

On this first step, you create the Scanning Agent Token in Snyk API & Web account:

  1. Open the Settings dropdown menu in the bottom-left corner of the navigation bar and select Scanning Agents. If you can't see this option, contact your account owner.

  2. Click Add Agent.

    1. Type the name of the Scanning Agent.

    2. If the Scanning Agent is restricted to targets of some teams, select the checkbox and choose those teams from the dropdown. Learn how to get started with Teams.

  3. Click Generate.

  4. A pop-up window displays important information that, for security reasons, will not appear again. Make sure you do the following:

    • Under Agent Token, copy and save the token securely.

    • Under Installation, go to the tabs for the way you want to install the agent:

      1. DOCKER - To use Docker, copy and save securely the following:

        1. The Docker command to install the agent.

        2. The Docker command to check the agent logs.

      2. DOCKER-COMPOSE - To use Docker-compose, copy and save securely the following:

        1. The docker-compose.yml manifest for the agent.

        2. The Docker-compose command to start the agent.

      3. KUBERNETES - To use Kubernetes, copy and save securely the following:

        1. The Kubernetes command to create the Snyk API & Web namespace.

        2. The Kubernetes command to create the agent token secret.

        3. The Kubernetes command to deploy the agent pod.

Step two: Install the Scanning Agent on your network

In this step, you will install Snyk API & Web Scanning Agent on your network. The Scanning Agent, also known as the Farcaster Agent, is open source and available on the official Farcaster Agent GitHub repository.

In step one, you selected the way to install your agent (Docker, Docker-Compose, or Kubernetes). Alternatively, you can install the agent on Windows or Linux. For more detailed instructions on how to install the agent, follow the installation guidance in the GitHub repository.

Below, we will provide an example of how to install the agent using Docker on Linux:

  1. Before installing the agent container on a Linux system, you can check that your host can run it by executing the following command:

    curl -LO https://raw.githubusercontent.com/Probely/farcaster-onprem-agent/main/farconn/host-check.sh
    chmod +x host-check.sh
    ./host-check.sh


    Verify that the checks succeeded:

    Checking if Docker is installed...                              [ok]
    Launching test container...                                     [ok]

  2. Use the Docker command from step one to install the agent.

    1. Depending on your network configuration, you might need to set additional environment variables. See the list of configuration options in the GitHub repository.

  3. After starting the Agent, it should connect to the Snyk API & Web. Run the command you saved from step one to check that the Agent connected successfully:

     docker logs -f probely-agent

    If everything is running correctly, you should see output similar to:

    Downloading agent configuration ... done
    Deploying agent configuration   ... done
    Starting local DNS resolver     ... done
    Setting HTTP proxy rules        ... done
    Connecting to Probely (via UDP) ... done
    Setting local gateway rules     ... done
    Starting WireGuard gateway      ... done

    Running...

Once up and running, you just have to set the Scanning Agent in your targets as described in the How to scan internal applications with a Scanning Agent article, and run scans on those targets to scan your internal applications.

Troubleshooting

If you have issues downloading the agent configuration, are unable to connect, have proxy configuration issues, or experience performance issues, check the troubleshooting guidance in the GitHub repository.

P.S.: Why the name Farcaster? Read about it in Why is the Scanning Agent named Farcaster?

Did this answer your question?