If your software components are private and reside in an internal package repository, you must provide authentication credentials for that registry so that a complete bill of materials can be created and static analysis can be performed.

Private package registries

Authenticate to private Maven, npm, PyPI, Gradle, NuGet, Swift, Ruby, and PHP registries using static credentials or mTLS.

AWS CodeArtifact

Use OIDC token federation to authenticate to AWS CodeArtifact without storing static credentials.

Google Artifact Registry

Authenticate using short-lived OAuth2 tokens minted from a GCP service account key.

Git-based dependencies

Resolve private Git-based dependencies hosted on GitHub, GitLab, or Bitbucket during scans.

mTLS authentication

Authenticate to private package repositories using mutual TLS certificates.
You must set up custom package repositories if:
  • Authentication credentials for your private registry are not stored in project manifest or settings files, such as .npmrc, settings.xml, or pip.conf.
  • You are using the Endor Labs GitHub App or agentless scanning, where local package manager configuration is not available at scan time.
  • You want to specify a custom repository URL for a package ecosystem instead of using the default public registry.
  • You want to control the priority order of repositories used during dependency resolution.
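As an added example (not from the Endor Labs documentation or product), the following Python audit reads constructed .npmrc, pip.conf and settings.xml samples and reports which private registries carry no credential in the file, meaning a custom package repository must be configured for the scan, and which files commit a literal secret instead of an environment-variable placeholder. The host names, fake secrets and the PUBLIC_HOSTS set are assumptions.

```python
import configparser
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample files (placeholder hosts, fake secrets), one per format the page names.
SAMPLE_NPMRC = ("registry=https://npm.example.internal/\n@corp:registry=https://npm.corp.internal/\n"
                "//npm.example.internal/:_authToken=${NPM_TOKEN}\n")
SAMPLE_PIP_CONF = ("[global]\nindex-url = https://ci:s3cret@pypi.example.internal/simple\n"
                   "extra-index-url = https://pypi.org/simple\n")
SAMPLE_SETTINGS_XML = ("<settings><mirrors><mirror><id>corp</id><url>https://maven.example.internal/repo</url>"
                       "</mirror></mirrors><servers><server><id>corp</id><password>hunter2</password>"
                       "</server></servers></settings>")
PUBLIC_HOSTS = {"registry.npmjs.org", "pypi.org", "repo.maven.apache.org"}  # assumed: need no credentials

def classify(secret):  # 'none' if absent, 'env' for a $VAR / ${VAR} placeholder, 'literal' for a committed secret
    return "none" if not secret else "env" if secret.strip().startswith("$") else "literal"

def parse_npmrc(text):  # registry URL -> credential kind; .npmrc keys creds by host as //host/:_authToken=
    registries, creds = [], {}
    for line in text.splitlines():
        key, _, value = (p.strip() for p in line.partition("="))
        if key == "registry" or key.endswith(":registry"):
            registries.append(value)
        elif key.startswith("//") and key.rpartition(":")[2] in ("_authToken", "_auth", "_password"):
            creds[key[2:].rpartition(":")[0].strip("/")] = classify(value)
    return {url: creds.get(urlsplit(url).netloc, "none") for url in registries}

def parse_pip_conf(text):  # index URL -> credential kind; pip embeds creds as user:pass@ in the URL
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    urls = [u for k in ("index-url", "extra-index-url") for u in cfg.get("global", k, fallback="").split()]
    return {u.replace(f"{urlsplit(u).username}:{urlsplit(u).password}@", ""): classify(urlsplit(u).password)
            for u in urls}

def parse_settings_xml(text):  # mirror/repository URL -> credential kind, joined to <server> by id
    root = ET.fromstring(text)
    servers = {s.findtext("id"): classify(s.findtext("password")) for s in root.iter("server")}
    return {m.findtext("url"): servers.get(m.findtext("id"), "none")
            for m in [*root.iter("mirror"), *root.iter("repository")]}

def audit(files):  # {path: text} -> (private registries lacking a credential in the file, registries with a committed secret)
    parsers = {".npmrc": parse_npmrc, "pip.conf": parse_pip_conf, "settings.xml": parse_settings_xml}
    missing, committed = [], []
    for path, text in files.items():
        for url, kind in parsers[path.rsplit("/", 1)[-1]](text).items():
            if kind == "none" and urlsplit(url).netloc not in PUBLIC_HOSTS:
                missing.append(url)
            elif kind == "literal":
                committed.append(url)
    return missing, committed
```

Registries in the first list need a custom package repository entry (or another authentication method) before a scan can resolve them; those in the second list resolve from the file alone but carry a secret that should be rotated and moved out of the repository.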
If your software components are private and hosted in AWS CodeArtifact, set up an OpenID Connect provider in AWS and create roles with trust policies that allow Endor Labs to access your CodeArtifact repositories. See Configure package manager integrations with AWS.

You can also authenticate to private package artifact repositories using mutual TLS. See mTLS authentication to learn how to set it up and authenticate.

Package manager integration support matrix

The following support matrix shows which package manager integrations are supported:
Private package manager integrations for Golang and Rust are not supported.

Change package manager integration priority

Package manager integrations allow you to set the priority of each package repository used by a package manager in your tenant namespace. The priority defines the order in which a package manager looks in these repositories when it resolves dependencies for a software package. To change the package manager integration priority:
  1. Click and hold the integration whose priority you want to change.
  2. Drag the integration to the priority position that matches how frequently your organization uses that repository.