Set up custom package repositories

Learn how to configure custom package repositories for dependency resolution.

Suppose your software components are private and are hosted in an internal package repository. In that case, you must provide Endor Labs with authentication credentials for that registry so that it can create a complete bill of materials or perform static analysis.

You must set up custom package repositories if:

  • Your software package isn’t scanned as part of a post-build or install step
  • You are using the Endor Labs GitHub App
  • You are implementing scans across your environment for quick visibility
  • Authentication information for your private package repository is hosted outside of the repository

If your software components are private and hosted in AWS CodeArtifact, set up an OpenID Connect provider in AWS and create roles with trust policies to allow Endor Labs access to your CodeArtifact repositories. See Configure package manager integrations with AWS.

Configure package manager integrations

Endor Labs integrates with your self-hosted package repositories and source control systems to give you visibility into your environment. Package manager integrations allow users to simplify scanning using custom repositories.

Endor Labs generally respects package authentication and configuration settings and a package manager integration is usually not required to scan private packages successfully.

  • Use package manager integrations to simplify scanning when authentication to private repositories is not part of standard manifest or settings files.

  • Package manager integrations allow you to set custom registries for each package ecosystem and the priority of each registry for scanning.
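The second situation above, a registry setting that is committed with the code while its credential is not, is easiest to see in a settings file. The following project-level .npmrc is an added example and is not taken from the Endor Labs documentation; the registry host registry.internal.example.com, the scope @acme and the NPM_TOKEN variable are placeholder names.

```ini
; Added example .npmrc (not from the Endor Labs docs).
; The registry location for the @acme scope is committed with the project,
; but the credential is read from the NPM_TOKEN environment variable at
; install time, so the secret itself lives outside the repository.
; registry.internal.example.com and NPM_TOKEN are placeholder names.
@acme:registry=https://registry.internal.example.com/npm/
//registry.internal.example.com/npm/:_authToken=${NPM_TOKEN}
```

A scan that runs where NPM_TOKEN is not set knows which registry to contact but has no credential for it, which is the case a package manager integration is meant to cover: the registry URL and credentials are configured once in Endor Labs rather than exported into every scanning environment. Keeping the token out of the file also keeps it out of the commit history.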

To set up a package manager integration:

  1. Under Manage, select Integrations.
  2. Select the package manager configuration you’d like to customize and click Connect.
  3. In the upper right-hand corner, select Add Package Manager.
  4. Input a package manager URL for your given package registry.
  5. If the package registry requires authentication, select Authenticate to this registry and enter the credentials that will be used to authenticate to it.
  6. Select Add Package Manager.

If you would like to delete a package manager integration, click the trash can icon at the far right of the integration.

Change package manager integration priority

Package manager integrations allow you to set the priority of each package registry used by the package managers in your tenant namespace. The priority order defines where a package manager looks first when it attempts to resolve dependencies for a software package.

To change the package manager integration priority:

  1. Click and hold the integration you would like to change the priority of.
  2. Drag the integration to the position in the list that reflects how frequently your organization uses that registry.

Package manager integrations

The following support matrix details support for package manager integrations:

Language     Ecosystem                Status
Java         Maven (mvn://)           Supported
JavaScript   npm (npm://)             Supported
Python       PyPI (pypi://)           Supported
Ruby         Gem (gem://)             Supported
PHP          Composer (composer://)   Supported
.NET/C#      NuGet (nuget://)         Supported

Configure integration with AWS

Learn how to configure package manager integrations with AWS CodeArtifact.