1. Snyk
  2. Integrations for Snyk Open Source
  3. Git repository (SCM) integrations

Custom package registries overview

Follow

Articles in this section

Rachel Cheyfitz
  • Updated
Follow

Snyk can be configured to use custom package registries under specific conditions, allowing insight into dependencies that are not hosted in canonical registries.

The custom package registry feature currently supports Artifactory with Maven and is available on the Pro and Enterprise plans. Maven analysis can be configured to mirror all requests through a custom package repository, or you can specify additional repositories to use alongside Maven Central.

Prerequisite 

Jfrog artifactory mirror integration works only with basic user password authentication (SSO users can't be used for the integration) 
Please create a general Jfrog user that isn't using SSO for this integration 

Note 

 The integration won't work with on-prem custom package registries, only for SaaS solution, because Snyk can't reach to the private registry. 

 

Setup custom package registries

If authentication is required to access your custom registry you will need to first configure the Artifactory package repository integration.

To configure the Artifactory integration go to Integrations > Artifactory and click ‘Connect to Artifactory’ and complete the fields - URL to your Artifactory, username, and password.

Once the integration is set up you can configure Maven settings by navigating to Settings > Languages > Java

You can choose whether to use Artifactory as a mirror or as an additional repository where your artifacts will reside. These settings will be very similar to what you have in ~/.m2/settings.xml.

Mirrors

Choose a value for the type, either ‘direct’ or if using authentication ‘integration’. If using direct you will need to complete the URL, repository name and what it is a mirror of.

The mirror of value can either be a * to mirror everything or you can type in a value for example “central”

image1.png

If using the integration, you will need to choose an integration type and provide the repository name and mirror of details.

image2.png

Repositories

Alternatively, you can configure repositories which will be used as additional locations to check for artifacts.

Comments

0 comments

Article is closed for comments.