Download Assured OSS packages using a remote repository

This page explains how you can set up a remote repository to access and download Assured OSS packages.

This document applies to the free tier. For the paid tier, see Download Assured OSS packages using a remote repository.

Before you begin

1. Configure Assured OSS. Submit the customer enablement form to enable access to Assured OSS.

2. Validate connectivity to Assured OSS for the requested service accounts.

Overview

Assured OSS packages are stored on a Google-managed Artifact Registry repository. You can access and download the OSS packages offered by Assured OSS using one of the following methods:

• Set up a virtual repository (Preview feature) that acts as a single access point to download, install, or deploy packages in the same format from one or more upstream repositories. An upstream repository can be an Artifact Registry standard or remote repository.

• Set up a remote (also called mirror or proxy) repository to act as a proxy for the Assured OSS Artifact Registry repository. You will connect to the remote repository to download the packages. This method is commonly used in organizations that access open source software using a repository manager like Jfrog Artifactory or Sonatype Nexus.

• Connect to the Assured OSS Artifact Registry repository directly using a service account from build tools like Maven, Gradle, or pip.

The following sections describe how you can set up a remote repository to access and download Assured OSS packages. You have two options for setting up a remote repository: JFrog Artifactory or Sonatype Nexus.

Set up a remote repository using JFrog Artifactory

1. Sign in to the JFrog Artifactory repository manager. Ensure that you have the required privileges to create a new remote repository.
2. Select the option to create a new remote repository in your repository manager.
3. Select the appropriate repository type (for example, select Maven for Java or PyPi for Python).

4. Optionally, test the connection to the Java or Python repository using the following steps:

   1. In the Repository Key field, enter a unique name or identifier for the remote repository.

   2. In the URL field, enter one of the following:

      • Java:

        https://us-maven.pkg.dev

      • Python:

        https://us-python.pkg.dev

      • Javascript:

        https://us-npm.pkg.dev

      Don't enter the complete domain name as this may return an HTTP 404 or HTTP 405 status code.

   3. Leave the remaining fields blank.

   4. Click Test. The connection is successful when you see the following output:

      Successfully connected to server

5. To create a new remote repository, enter the following information:

   1. In the Repository Key field, enter a unique name or identifier for the remote repository. For example, assured-oss-java-repo.

   2. In the URL field, enter one of the following:

      • Java:

        https://us-maven.pkg.dev/cloud-aoss/java

      • Python:

        https://us-maven.pkg.dev/cloud-aoss/python

   3. In the User Name field, enter _json_key_base64.

   4. In the Password field, provide the base64-encoded string of the service account JSON key file. Use the entire base64-encoded string in a single line as password. To get the base64-encoded string, run the command base64 key-filename.json.

   5. For Python only, in the Registry URL field, enter

      https://us-maven.pkg.dev/cloud-aoss/python

6. Click Create Remote Repository.

   For Python packages, append the obtained URL with /simple. Use the URL as the index-url in the pip install command to download the required Python packages. For example, if the obtained URL of the repository is https://a0a87smb7hcda.jfrog.io/artifactory/api/pypi/assured-oss-python-repo, then the corresponding index-url is https://a0a87smb7hcda.jfrog.io/artifactory/api/pypi/assured-oss-python-repo/simple.

After the new remote repository is set up, configure your build tools (for example, Apache Maven, Gradle Build Tool, or pip) to use this new remote repository.

Known issues

Testing the connection using the Test button can return an error even if the connection is configured correctly. We recommend that you create the remote repository irrespective of the test button behavior. For another way of confirming a connection, see Validate your connection.

Set up a remote repository using Sonatype Nexus

1. Sign in to your Sonatype Nexus repository manager. Ensure that you have the required privileges to create a new remote repository.
2. Select the option to create a new repository.
3. Select the appropriate repository type (for example, select Maven for Java or PyPi for Python).

4. Enter the following details for the new repository:

   1. In the Name field, enter a unique name or identifier for the remote repository.

   2. In the Remote Storage field, choose from the following:

      • Java:

        https://us-maven.pkg.dev/cloud-aoss/java

      • Python:

        https://us-maven.pkg.dev/cloud-aoss/us-python

5. Under HTTP, select Authentication.

6. Specify the following:

   1. In the Authentication type field, enter Username.
   2. In the Username field, enter _json_key_base64.
   3. In the Password field, provide the base64-encoded string of the service account JSON key file. Use the entire base64 encoded-string in a single line as password. To get the base64-encoded string, run the command base64 key-filename.json.

7. Click Create Repository.

After the new remote repository is set up, point your build tools (for example, Apache Maven, Gradle Build Tool, or pip) to use this new remote repository.

What's next

• Download Java packages using direct repository access
• Download Python packages using direct repository access
• Set up virtual repository access
• Supported Java and Python packages
• Access security metadata using Cloud Storage