Configure Endor Labs to integrate with private Swift package repositories to access proprietary dependencies during security scanning and analysis. When your Swift projects depend on packages hosted in private or corporate repositories, Endor Labs requires authentication credentials to resolve these dependencies and generate a complete bill of materials. This integration enables Endor Labs to:
  • Access private Swift packages during dependency resolution
  • Generate comprehensive security analysis including private dependencies
  • Maintain complete visibility into your software supply chain
Endor Labs generally respects package authentication and configuration settings, and a package manager integration is usually not required to scan private packages successfully.
  • Use package manager integrations to simplify scanning when authentication to private repositories is not part of standard manifest or settings files.
  • Package manager integrations allow you to set custom repositories for each package ecosystem and the priority of each repository for scanning.
To set up a package manager integration:
  1. Select User menu > Integrations from the left sidebar.
  2. Select Add next to the package manager configuration you want to add.
  3. Select Add Package Manager.
  4. Enter a Name for the integration.
  5. Choose an authentication type and complete the required fields.
  6. Optionally, under Advanced, select Propagate this package manager to all child namespaces to share this integration with child namespaces.
  7. Click Add Package Manager.

Test package manager integration

You can test the connection to a configured package manager to verify that Endor Labs can reach the repository. To test the connection:
  1. Select User menu > Integrations from the left sidebar.
  2. Click Manage in the package manager configuration you want to customize.
  3. Click the vertical three dots next to the configured package manager and select Test Connection.
The integration does not perform authentication or authorization checks on the package manager repository.

Edit package manager integration

You can edit an existing package manager integration to update the name, repository URL, or authentication credentials. To edit a package manager integration:
  1. Select User menu > Integrations from the left sidebar.
  2. Click Manage next to the package manager you want to edit.
  3. Click the vertical three dots on the configured integration you want to edit and select Edit.
  4. You can modify the name, package manager URL, and credentials.
  5. Click Save Changes.

Package manager integration for SwiftPM using API

Use endorctl to create a package manager resource for your private Swift registry and authenticate using one of the following methods:
  • Basic authentication using username and password
  • Authentication token

Basic authentication using username and password

Run the following command to create a package manager resource and authenticate to the Swift registry using basic authentication credentials with scope. Replace:
  • namespace with your namespace.
  • username with your username.
  • xxxx with your password.
  • scope with your scope. For example, "scope":"abc-corp".
endorctl api create -r PackageManager -n <namespace> -d '
{
    "meta": {
        "name": "test swift",
        "description": "setup swift registry with basic auth"
    },
    "spec": {
        "swift": {
            "priority": 1,
            "url": "package manager url",
            "basic_auth": {
                "username": "username",
                "password": "xxxx"
            },
            "scope": "scope"
        }
    },
    "propagate": false
}'

Authentication token

Run the following command to create a package manager resource and authenticate to the Swift registry using an authentication token with scope. Replace:
  • namespace with your namespace.
  • token with your Swift registry authentication token.
  • scope with your scope. For example, "scope":"abc-corp".
endorctl api create -r PackageManager -n <namespace> -d '
{
   "meta": {
       "name": "test swift",
       "description": "setup swift registry with token"
   },
   "spec": {
       "swift": {
           "priority": 1,
           "url": "package manager url",
           "token": "authentication token",
           "scope": "scope"
       }
   },
   "propagate": false
}'
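
The following added example, which is not from the Endor Labs documentation, builds the token-authentication payload shown above from environment variables so the token is not typed into the command itself, and escapes quotes and backslashes that would otherwise break the inline JSON. The variable names (SWIFT_REGISTRY_URL, SWIFT_REGISTRY_TOKEN, SWIFT_SCOPE, ENDOR_NS), the two helper functions and the HTTPS-only check are assumptions of this example.

```shell
#!/bin/sh
# Added example. SWIFT_REGISTRY_URL, SWIFT_REGISTRY_TOKEN, SWIFT_SCOPE and
# ENDOR_NS are assumed variable names, not names defined by Endor Labs.

# Escape backslashes and double quotes so a value is a valid JSON string body.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print the token-auth payload from the page, filled in with the arguments.
# Fails on an empty value, a non-HTTPS URL (a check added by this example),
# or a value containing control characters such as a stray newline.
swift_token_payload() {
    url=$1 token=$2 scope=$3
    [ -n "$url" ] && [ -n "$token" ] && [ -n "$scope" ] || return 1
    case $url in
        https://*) ;;
        *) return 1 ;;
    esac
    for v in "$url" "$token" "$scope"; do
        [ "$(printf '%s' "$v" | LC_ALL=C tr -d '[:cntrl:]')" = "$v" ] || return 1
    done
    printf '{"meta":{"name":"test swift","description":"setup swift registry with token"},"spec":{"swift":{"priority":1,"url":"%s","token":"%s","scope":"%s"}},"propagate":false}\n' \
        "$(json_escape "$url")" "$(json_escape "$token")" "$(json_escape "$scope")"
}

# Create the resource only when the script is called with "create".
if [ "${1:-}" = "create" ]; then
    payload=$(swift_token_payload "${SWIFT_REGISTRY_URL:-}" \
        "${SWIFT_REGISTRY_TOKEN:-}" "${SWIFT_SCOPE:-}") || {
        echo "missing or invalid Swift registry settings" >&2
        exit 1
    }
    endorctl api create -r PackageManager -n "${ENDOR_NS:?set ENDOR_NS}" -d "$payload"
fi
```

The payload is still passed to endorctl as a command-line argument, so it remains visible in the local process list while the command runs; this keeps the token out of shell history and checked-in scripts only.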

Fetch package manager using API

Run the following command to fetch the package manager using the UUID.
endorctl api get -r packageManager -n <your namespace> --uuid <package-manager-uuid>

Delete package manager using API

Run the following command to delete the package manager using the UUID.
endorctl api delete -r packageManager -n <your namespace> --uuid <package-manager-uuid>