Mobb Broker

Last updated 7 months ago


Mobb supports source code repositories (GitLab/GitHub/ADO) that are hosted in an on-premise environment by using the Mobb broker. The Mobb broker provides organizations with the following benefits:

  • Mobb broker allows you to connect your hosted/on-premise source code repositories to Mobb so that it can perform the fix analysis.

  • Mobb broker allows you to easily commit fixes back into your source code repositories by automatically creating a Pull Request for your team to review.

Architecture

  • Step 1 - Mobb Broker Client initiates a secure HTTPS tunnel connection to the Mobb Broker Server.

  • Step 2 - The optional HTTPS Proxy completes the tunnel creation. The tunnel is now ready to be used.

  • Step 3 - During a fix analysis, Mobb requests access to your GitLab/GitHub/ADO Repository to access source code to produce fixes. The bi-directional communication is facilitated by the tunnel created in Step 1 and Step 2.

  • Step 4 - Fixes are pushed to GitLab/GitHub/ADO as Pull Requests through the HTTPS tunnel.

Additional Notes:

  • For Steps 3 and 4, Mobb can only connect to the designated servers (i.e. GitLab) specified during the Broker client setup process.

  • End-users control the initiation of the tunnel creation process.

Mobb Broker Installation Guide

Sample Docker command

The Mobb broker container can be deployed on any machine with a Docker host. Here is a sample docker command:

docker run --rm --pull=always --platform linux/amd64 --network="host" -d \
-e FRP_BROKER_SERVER_HOST='broker-app.mobb.ai' \
-e FRP_BROKER_AUTH_TOKEN='<YOUR_AUTH_TOKEN_HERE>' \
-e FRP_BROKERED_DOMAIN='<YOUR_BROKERED_DOMAIN_UUID_HERE>' \
-e TARGET_SERVER_URL='https://<YOUR_SCM_ADDRESS>' \
-e TARGET_DISABLE_CERT_VALIDATION='true' \
-e HOST_HEADER_OVERWRITE='<YOUR_SCM_ADDRESS>' \
--name frpc_multi-tenant_main mobbai/broker-frpc

Explanation of the Environment Variables

FRP_BROKER_SERVER_HOST

  • For the production server, set this to broker-app.mobb.ai

  • For single tenants, this is usually https://<SINGLE_TENANT_ID>.mobb.ai. If you are unclear, please consult your Mobb representative or reach out to us at support@mobb.ai.

FRP_BROKER_AUTH_TOKEN

  • Please consult your Mobb representative on the token value or reach out to us at support@mobb.ai.

FRP_BROKERED_DOMAIN

  • Please consult your Mobb representative for the Brokered Domain UUID or reach out to us at support@mobb.ai.

TARGET_SERVER_URL

  • Your target server URL, for example: https://your_internal_scm_server_address

HOST_HEADER_OVERWRITE

  • The same value as TARGET_SERVER_URL without the https://, for example: your_internal_scm_server_address

(Optional) TARGET_DISABLE_CERT_VALIDATION

  • If the on-premise SCM server presents a publicly trusted SSL certificate, you can leave this unset. If not, you can set this to "true" to disable certificate validation; the broker will then accept any certificate the SCM host presents, so prefer installing a trusted certificate where possible.

Specific set-up instructions for AWS ECS

  1. Navigate to ECS Task Definitions in the AWS Console.

  2. Create a new task definition and select AWS Fargate as the launch type.

  3. Set the following configurations for the task definition:

    1. Container Name: Choose a suitable name for your container.

    2. Image URI: Use the following Docker image URI: docker.io/mobbai/broker-frpc:latest

    3. For the ECS task execution IAM role configuration, here is a list of required permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

  4. Configure the required Environment Variables as described in the section above:

    • FRP_BROKER_SERVER_HOST

    • FRP_BROKER_AUTH_TOKEN

    • FRP_BROKERED_DOMAIN

    • TARGET_SERVER_URL=https://YOUR_SCM_SERVER_ADDRESS

    • HOST_HEADER_OVERWRITE=YOUR_SCM_SERVER_ADDRESS

    • Optional settings:

      • You can also define the following proxy settings (FRP_PROXY_URL, TARGET_PROXY_URL) depending on your specific requirements.

      • You can also set the environment variable TARGET_DISABLE_CERT_VALIDATION to true if the SCM server doesn't provide a trusted certificate.

  5. After completing the task definition setup, go to ECS Clusters.

  6. Create a new cluster and select the task definition you just created.
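The most common mistakes with the variables above are a missing token or domain, a non-HTTPS target, and a scheme left in HOST_HEADER_OVERWRITE. The following POSIX shell pre-flight check is an added example, not part of the Mobb broker image or its documentation; it applies equally to the docker run command and the ECS task definition, and the helper names are this example's own.

```shell
#!/bin/sh
# Added pre-flight check (not part of the Mobb broker image): verify the
# broker's environment variables before starting the container.
# Helper names are this example's own.

# Reduce a URL to host[:port]: strip the scheme and anything after the host.
#   https://git.corp.example:8443/path  ->  git.corp.example:8443
host_from_url() {
    printf '%s\n' "$1" | sed -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' -e 's#/.*$##'
}

# Returns 0 when the broker configuration is consistent, 1 otherwise.
# Each problem is reported on stderr so the caller can abort before
# `docker run` (or before registering the ECS task definition).
check_broker_env() {
    _rc=0
    # Every mandatory variable must be present and non-empty.
    for _v in FRP_BROKER_SERVER_HOST FRP_BROKER_AUTH_TOKEN \
              FRP_BROKERED_DOMAIN TARGET_SERVER_URL; do
        eval "_val=\${$_v:-}"
        if [ -z "$_val" ]; then
            echo "missing required variable: $_v" >&2
            _rc=1
        fi
    done
    # The target must be reached over TLS; plain http would carry repository
    # contents and credentials in the clear between broker and SCM.
    case "${TARGET_SERVER_URL:-}" in
        https://*) ;;
        *) echo "TARGET_SERVER_URL must start with https://" >&2; _rc=1 ;;
    esac
    # HOST_HEADER_OVERWRITE is the same value *without* the scheme.
    _want=$(host_from_url "${TARGET_SERVER_URL:-}")
    if [ -n "${HOST_HEADER_OVERWRITE:-}" ] && [ "$HOST_HEADER_OVERWRITE" != "$_want" ]; then
        echo "HOST_HEADER_OVERWRITE is '$HOST_HEADER_OVERWRITE', expected '$_want'" >&2
        _rc=1
    fi
    # Disabling validation is permitted by the docs but deserves a loud warning.
    if [ "${TARGET_DISABLE_CERT_VALIDATION:-false}" = "true" ]; then
        echo "warning: certificate validation for $_want is disabled" >&2
    fi
    return $_rc
}

# Usage: export the variables, then `check_broker_env && docker run ...`.
```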