In the free tier, Assured Open Source Software packages are hosted in a Google-managed Artifact Registry repository.
This page explains how you can connect to the Artifact Registry repository for Assured OSS to directly access and download the Java packages.
This document applies to the free tier only. For the paid tier, see Download Java packages using direct repository access for the paid tier.
Before you begin
Configure Assured OSS. For the free tier, submit the customer enablement form to enable access to Assured OSS.
Validate connectivity to Assured OSS for the requested service accounts.
Enable the Artifact Registry API for the parent Google Cloud project of the service accounts used to access Assured OSS.
Install the latest version of the Google Cloud CLI.
If you have installed the Google Cloud CLI previously, make sure you have the latest version by running the command:
gcloud components update
Set up authentication
Artifact Registry supports the following authentication methods:
- Authentication with a credential helper
- Authentication with a password
The following sections describe how to set up these authentication methods.
Authenticate with a credential helper
Artifact Registry provides a Maven wagon and a Gradle plugin to use as credential helpers. This option provides the most flexibility.
To set up Application Default Credentials, see Set up authentication.
Set up your credential helpers
If you're using a credential helper to set up authentication, make the following changes based on the build tool.
Maven
<project>
<build>
<extensions>
<extension>
<groupId>com.google.cloud.artifactregistry</groupId>
<artifactId>artifactregistry-maven-wagon</artifactId>
<version>2.2.0</version>
</extension>
</extensions>
</build>
</project>
Gradle
plugins {
id "com.google.cloud.artifactregistry.gradle-plugin" version "2.2.0"
}
Authenticate using a password
Authenticate using a password when your Java application requires authentication with a specified username and password. Depending on your build tool, change settings according to the following instructions:
Maven
Add the following authentication settings in the settings section of the
~/.m2/settings.xml file. See the Maven Settings reference for more
information. If the ~/.m2/settings.xml file doesn't exist, then create a new
file.
<settings>
<servers>
<server>
<id>artifact-registry</id>
<configuration>
<httpConfiguration>
<get>
<usePreemptive>true</usePreemptive>
</get>
<head>
<usePreemptive>true</usePreemptive>
</head>
<put>
<params>
<property>
<name>http.protocol.expect-continue</name>
<value>false</value>
</property>
</params>
</put>
</httpConfiguration>
</configuration>
<username>_json_key_base64</username>
<password>KEY</password>
</server>
</servers>
</settings>
Replace KEY with the base64-encoding of entire service
account JSON key file. To do this, run the following command:
cat KEY_FILE_LOCATION | base64
Where KEY_FILE_LOCATION is the location of the service account JSON key file.
Gradle
Add the following line to your ~/.gradle/gradle.properties file so that
the key is not visible in your builds or your source control repository.
artifactRegistryMavenSecret = KEY
Replace KEY with the private key from your service account JSON
key file. For json_key_base64, the artifactRegistryMavenSecret contains the
base64 encrypted password. For example, base64 -w 0 KEY.
In the build.gradle file, specify the repository settings using the following example:
repositories {
maven {
url "artifactregistry://us-maven.pkg.dev/cloud-aoss/cloud-aoss-java"
credentials {
username = "_json_key_base64"
password = "$artifactRegistryMavenSecret"
}
authentication {
basic(BasicAuthentication)
}
}
}
Update the project configuration file to point to the repository
Maven
Add the following settings to the appropriate section in the pom.xml file for
your Maven project. Don't replace the authentication settings.
<project>
<repositories>
<repository>
<id>artifact-registry</id>
<url>artifactregistry://us-maven.pkg.dev/cloud-aoss/cloud-aoss-java</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
</project>
See the Maven POM reference for details about the structure of the file.
Gradle
Specify the following repository settings in your build.gradle file. Don't
replace the authentication settings.
repositories {
maven {
url "artifactregistry://us-maven.pkg.dev/cloud-aoss/cloud-aoss-java"
}
}
Update the project configuration file to add dependencies
To download an artifact as a part of your build, the artifact must be declared as a dependency.
Maven
Declare the packages that you want to download in the pom.xml file for your
Maven project.
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.17.1</version>
</dependency>
Gradle
Declare the packages that you want to download in your build.gradle file.
dependencies {
compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.1'
}
Access Java packages not available in Assured OSS
You can access packages that aren't available in the Artifact Registry repository for Assured OSS
Assured OSS is pre-configured with Assured OSS as the preferred repository and canonical public repositories, such as Maven Central or PyPI, as secondary repositories. To use this feature (Preview), you can point to a following URL:
https://us-maven.pkg.dev/cloud-aoss/java
List all Java packages available in Assured OSS
To use an API to get a list of all the Java packages available in the Artifact Registry repository, see List all Java packages available in Assured OSS.
What's next
- Download Python packages using direct repository access
- Set up virtual repository access
- Supported Java and Python packages
- Access security metadata using Cloud Storage
- Access security metadata using Artifact Analysis API