Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt

Use this file to discover all available pages before exploring further.

Configure Endor Labs to integrate with private Maven repositories to access proprietary dependencies during security scanning and analysis. When your Maven projects depend on artifacts hosted in private or corporate repositories, Endor Labs requires authentication credentials to resolve these dependencies and generate a complete bill of materials. This integration enables Endor Labs to:
  • Access private Maven artifacts during dependency resolution
  • Generate comprehensive security analysis including private dependencies
  • Maintain complete visibility into your software supply chain
Endor Labs integrates with your self-hosted package repositories and source control systems to give you visibility into your environment. Package manager integrations let you simplify scanning using custom repositories. Endor Labs generally respects package authentication and configuration settings and a package manager integration is usually not required to scan private packages successfully.
  • Use package manager integrations to simplify scanning when authentication to private repositories is not part of standard manifest or settings files.
  • Package manager integrations allow you to set custom repositories for each package ecosystem and the priority of each repository for scanning.
To set up a package manager integration:
  1. Sign in to Endor Labs and select Integrations from the left sidebar.
  2. Click Add next to the package manager configuration you want to add.
  3. Click Add Package Manager.
  4. Enter the name of the package manager.
  5. Select either Basic or AWS Code Artifactory as Authentication Type. See AWS authentication for more information.

Authenticate to Maven private package repositories

To connect to private repositories of Maven enter the package manager URL and the package registry credentials such as username and password. Basic Authentication for package manager integrations

Test package manager integration

You can test the connection to a configured package manager to verify that Endor Labs can reach the repository. To test the connection:
  1. Select Integrations from the left sidebar.
  2. Click Manage in the package manager configuration you want to customize.
  3. Click the vertical three dots of the package manager configured and select Test Connection.
The integration does not perform authentication or authorization checks on the package manager repository.

Edit package manager integration

You can edit an existing package manager integration to update the name, repository URL, or authentication credentials. To edit a package manager integration:
  1. Select Integrations from the left sidebar.
  2. Click Manage next to the package manager you want to edit.
  3. Click the vertical three dots on the configured integration you want to edit and select Edit.
  4. You can modify the name, package manager URL, and credentials.
  5. Click Save Changes.

Private package manager integration for Maven using API

Use endorctl to create a package manager resource through an API call and configure authentication for accessing private repositories during scans.
Maven package manager configurations apply only to Maven build projects and not to Gradle build projects that use Maven repositories.
Run the following command to create a package manager resource and authenticate to private repository. Replace:
  • username with your package registry username
  • xxxx with your package registry password
  • namespace with your namespace.
endorctl api create  -r PackageManager -n <namespace> -d '
{
    "meta": {
        "name": "test",
        "description": "test"
    },
    "spec": {
        "maven": {
            "priority": 1,
            "url": "package manager url",
            "user": "username",
            "password": "xxxx"
        }
    },
    "propagate": true
} '

Fetch package manager using API

Run the following command to fetch the package manager using the UUID. 
endorctl api get -r packageManager -n <your namespace>  --uuid <package-manager-uuid>

Delete package manager using API

Run the following command to delete the package manager using the UUID. 
endorctl api delete -r packageManager -n <your namespace>  --uuid <package-manager-uuid>