Snyk can be configured to use custom package registries under specific conditions, allowing insight into dependencies that are not hosted in canonical registries.
The custom package registry feature currently supports Artifactory with Maven and is available on the Pro and Enterprise plans. Maven analysis can be configured to mirror all requests through a custom package repository, or you can specify additional repositories to use alongside Maven Central.
Custom package registries do not currently work with brokered SCM integrations. If you currently use a brokered SCM integration or need support for other package managers please email email@example.com and we will send you an announcement as soon as support is available.
If authentication is required to access your custom registry you will need to first configure the Artifactory package repository integration.
To configure the Artifactory integration go to Integrations > Artifactory and click ‘Connect to Artifactory’ and complete the fields - URL to your Artifactory, username, and password.
Once the integration is set up you can configure Maven settings by navigating to
Settings > Languages > Java
You can choose whether to use Artifactory as a mirror or as an additional repository where your artifacts will reside. These settings will be very similar to what you have in
Choose a value for the type, either ‘direct’ or if using authentication ‘integration’. If using direct you will need to complete the URL, repository name and what it is a mirror of.
The mirror of value can either be a * to mirror everything or you can type in a value for example “central”
If using the integration, you will need to choose an integration type and provide the repository name and mirror of details.
Alternatively, you can configure repositories which will be used as additional locations to check for artifacts.