Contact Us 1-800-596-4880

Adding a Scanner for Databricks Agent Bricks

Add a scanner to discover, import, and sync agents from Databricks Agent Bricks into Exchange. Then you can govern the agents and consume them in other applications.

Before You Begin

Before adding the scanner, verify that you have these prerequisites:

  • Exchange Administrator permission

  • Databricks Workspace access

  • Workspace URL

  • Databricks client ID

  • Databricks client secret

  • Service Principal requires CAN_QUERY permission on each serving endpoint to enable full discovery and invocation.

    Use the Databricks Permissions API:

    PATCH /api/2.0/permissions/serving-endpoints/{endpoint_id}
    {
      "access_control_list": [
        {
          "service_principal_name": "<clientId>",
          "permission_level": "CAN_QUERY"
        }
      ]
    }
    API Endpoint Required Permission

    GET /api/2.0/serving-endpoints

    CAN_VIEW or higher

    GET /api/2.0/serving-endpoints/{name}

    CAN_VIEW or higher

    GET /api/2.0/serving-endpoints/{name}/openapi

    CAN_VIEW or higher

    POST /serving-endpoints/{name}/invocations

    CAN_QUERY or higher

Agent Discoverability

Not all Databricks endpoints are discoverable by the scanner. Before running a scan, confirm that the scanner can discover your agent. === What the Scanner Discovers

Requirement Required Value

Deployment type

Model Serving Endpoint

Model source

Custom model registered in Unity Catalog

Entity name pattern

catalog.schema.model_name (for example, ml_catalog.agents.customer_support_v2)

Endpoint state

READY

What the Scanner Doesn’t Discover

Agent Type Exclusion Reason

Foundation models (GPT, Claude, Llama, Gemini, and so on)

These are platform-provided models, not custom agents.

External models

These are hosted outside Databricks.

Knowledge Assistants (Agent Builder)

These use a foundation model internally and aren’t registered as a custom Unity Catalog model.

Databricks Apps

These use a different deployment path and aren’t Model Serving Endpoints.

Make an Agent Discoverable

If you built your agent with Databricks Agent Builder (for example, a Knowledge Assistant), it isn’t discovered automatically. To make it scannable:

  1. Log the agent with MLflow, the Databricks framework for model logging and tracking.

    Use mlflow.langchain.log_model() or mlflow.pyfunc.log_model() in a notebook.

  2. Register the model in Unity Catalog.

    Register the model under a catalog and schema (for example, my_catalog.my_schema.knowledge_assistant_mulesoft).

  3. Deploy the model as a Serving Endpoint.

    Create a Model Serving Endpoint from the registered Unity Catalog model.

  4. Grant permissions to the scanner service principal.

    The service principal used in the scanner must have at least CAN_QUERY on the endpoint.

    After this deployment, the scanner discovers the agent in the next scan.

Quick Check

Run this API call with your service principal credentials to verify what the scanner can see:

Look for your agent in the response. If served_entities[0].entity_name follows the catalog.schema.model_name pattern, the scanner discovers it.

Add a Scanner for Databricks Agent Bricks

  1. Verify that you are in the business group where you want to add the scanner.

  2. From the sidebar in Exchange, click Scanners.

  3. Enter a name for the scanner.

  4. From Scanner Run Configuration, complete these fields or options:

    Field/Option Value

    Run Schedule

    Select a frequency and time.

    Sync Review

    Select an option: Auto-resolve or Ask to review.

  5. From Connection Configuration, complete these fields:

    Field Value

    Provider

    Select Databricks.

    Platform

    Select Agent Bricks.

    Service Type

    Select Agents selected by default.

    Authentication Method

    OAuth selected by default.

    Workspace URL

    Enter the workspace URL.

    Client ID

    Enter the client ID.

    Client Secret

    Enter the client secret.

  6. Click Test Connection.

    If the connection fails, review the Connection Configuration settings. Update the settings, and then test the connection again.

  7. To send email notifications:

    1. Select Advanced Settings and turn on Send Email Notifications.

    2. Enter an email address.

  8. Click Add Scanner.