This package provides a Zeropath fact collector for the Backstage Soundcheck backend plugin. It enables Soundcheck to query Zeropath repositories for issue counts, PR scanning status, and security posture metrics.
Publish the package or link it into your Backstage instance, then add it as a dependency of your backend:
```bash
yarn workspace backend add @zeropath/backstage-soundcheck
```

Register the module in `packages/backend/src/index.ts` (or the relevant registration file):

```ts
backend.add(import('@zeropath/backstage-soundcheck'));
```

Provide credentials and collector scheduling via `app-config.yaml`:
```yaml
soundcheck:
  collectors:
    zeropath:
      baseUrl: https://zeropath.com
      organizationId: ${ZEROPATH_ORGANIZATION_ID}
      tokenId: ${ZEROPATH_TOKEN_ID}
      tokenSecret: ${ZEROPATH_TOKEN_SECRET}
      repositorySlugAnnotation: github.com/project-slug
      repositorySlugPrefix: my-org
      collects:
        - frequency:
            cron: '0 * * * *'
```

All sensitive values should be supplied via environment variables or an external secrets store.
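One way to enforce that rule before a config file is committed, as an added example that is not part of this package: a line-based scan that flags Zeropath credentials written inline. The function name, the sample config and the choice of the three keys as "sensitive" (taken from the sample above) are assumptions.

```javascript
// Added example: flags literal Zeropath credentials in app-config YAML text.
// Assumption: the sensitive keys are the three that the sample config fills
// from environment variables.
const SENSITIVE_KEYS = ['organizationId', 'tokenId', 'tokenSecret'];

// Returns [{ line, key }] for each sensitive key under `zeropath:` whose value
// is written inline instead of as a ${VAR} substitution.
function findLiteralZeropathSecrets(yamlText) {
  const findings = [];
  let blockIndent = -1; // indent of the `zeropath:` key, -1 while outside it
  yamlText.split(/\r?\n/).forEach((raw, i) => {
    const text = raw.replace(/\s+#.*$/, ''); // drop trailing comments
    if (!text.trim() || text.trim().startsWith('#')) return;
    const indent = text.length - text.trimStart().length;
    const m = text.trim().match(/^([A-Za-z0-9_$-]+):\s*(.*)$/);
    if (!m) return; // list items and continuation lines are not inspected
    const [, key, rawValue] = m;
    if (blockIndent >= 0 && indent <= blockIndent) blockIndent = -1; // left block
    if (key === 'zeropath' && rawValue === '') { blockIndent = indent; return; }
    if (blockIndent < 0 || !SENSITIVE_KEYS.includes(key)) return;
    // No inline value: a nested form such as `$env:` or `$file:` follows.
    if (rawValue === '') return;
    const value = rawValue.replace(/^(['"])(.*)\1$/, '$2');
    if (/^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/.test(value)) return;
    findings.push({ line: i + 1, key });
  });
  return findings;
}

// Constructed sample: tokenSecret is hard-coded, the other two are substituted.
const SAMPLE = [
  'soundcheck:',
  '  collectors:',
  '    zeropath:',
  '      baseUrl: https://zeropath.com',
  '      organizationId: ${ZEROPATH_ORGANIZATION_ID}',
  '      tokenId: ${ZEROPATH_TOKEN_ID}',
  "      tokenSecret: 'constructed-not-a-real-secret'",
  '    other:',
  '      tokenSecret: ignored-outside-zeropath',
].join('\n');

for (const f of findLiteralZeropathSecrets(SAMPLE)) {
  console.log(`line ${f.line}: ${f.key} is a literal value`);
}
```

The scan reports only the line number and key, never the value, so its output is safe to keep in CI logs.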
If you want a ready-to-use setup that automatically enrolls every component in
Soundcheck, copy the contents of `examples/zeropath-soundcheck.yaml` into
your Backstage configuration. It contains:
- A collector schedule that targets all `Component` entities (no opt-in work).
- Guarded checks that show a "repository not linked" message instead of failing whenever the `github.com/project-slug` annotation is missing.
- A `zeropath-security-posture` track that surfaces the linked/pr-scanning and severity checks in the Soundcheck UI.

After pasting the example config, restart the backend (or run the
`soundcheck-refresh-applicable-entities` job) so the widened filters take
effect.
When recording a walkthrough for customers, we recommend covering the following:
- Prerequisites – point out the required Zeropath env vars and `repositorySlugAnnotation`, and verify that catalog entities contain the matching `github.com/project-slug` annotation.
- Collector wiring – show how the backend module is registered and how the `collects` schedule automatically covers every component.
- Soundcheck configuration – walk through the example track definition so users see how checks map to the Zeropath facts.
- Live demo – in Backstage, open:
  - The Soundcheck sidebar overview to highlight the new "Zeropath Security Posture" track.
  - An entity that passes all checks.
  - An entity without a Zeropath repo to show the "not linked" message.
- Investigating results – click "View details" on a check to show the raw facts and explain how customers can tweak thresholds/messages.
Including this flow in your video makes it clear how to get started and how to interpret the Zeropath data inside Soundcheck.
This package requires the Backstage CLI and relies on the Soundcheck backend
from Spotify. Run `yarn backstage-cli package build` to produce distributable
artifacts once dependencies are available.