Download Assured OSS packages using a remote repository
Stay organized with collections
Save and categorize content based on your preferences.
This page explains how you can set up a remote repository to access and download
Assured OSS packages. You have two options for setting up a
remote repository: JFrog Artifactory or Sonatype Nexus. For more information
about repository options, see Assured OSS repository
options.
Set up a remote repository using JFrog Artifactory
Sign in to the JFrog Artifactory repository manager. Ensure that you
have the required privileges to create a new remote repository.
Select the option to create a new remote repository in your repository manager.
Select the appropriate repository type (for example, select Maven for Java or
PyPi for Python).
Optionally, test the connection to the Java or Python repository
using the following steps:
In the Repository Key field, enter a unique name or identifier for the
remote repository.
In the URL field, enter one of the following:
Java:
https://us-maven.pkg.dev
Python:
https://us-python.pkg.dev
Javascript:
https://us-npm.pkg.dev
Don't enter the complete domain name as this may return an HTTP 404 or
HTTP 405 status code.
Leave the remaining fields blank.
Click Test.
The connection is successful when you see the following output:
Successfully connected to server
To create a new remote repository, enter the following information:
In the Repository Key field, enter a unique name or identifier for
the remote repository. For example, assured-oss-java-repo.
In the URL field, enter one of the following:
Java:
https://us-maven.pkg.dev/cloud-aoss/java
Python:
https://us-maven.pkg.dev/cloud-aoss/python
In the User Name field, enter _json_key_base64.
In the Password field, provide the base64-encoded string of the
service account JSON key file. Use the entire base64-encoded string
in a single line as password. To get the base64-encoded string, run the
command base64 key-filename.json.
For Python only, in the Registry URL field, enter
https://us-maven.pkg.dev/cloud-aoss/python
Click Create Remote Repository.
For Python packages, append the obtained URL with /simple. Use the URL as
the index-url in the pip install command to download the required Python
packages. For example, if the obtained URL of the repository is
https://a0a87smb7hcda.jfrog.io/artifactory/api/pypi/assured-oss-python-repo,
then the corresponding index-url is
https://a0a87smb7hcda.jfrog.io/artifactory/api/pypi/assured-oss-python-repo/simple.
After the new remote repository is set up, configure your build tools (for
example, Apache Maven, Gradle Build Tool, or pip) to use this new remote
repository.
Known issues
Testing the connection using the Test button can return an error even if the
connection is configured correctly. We recommend that you create the remote
repository irrespective of the test button behavior. For another way of
confirming a connection, see Validate your connection.
Set up a remote repository using Sonatype Nexus
Sign in to your Sonatype Nexus repository manager. Ensure that you have the
required privileges to create a new remote repository.
Select the option to create a new repository.
Select the appropriate repository type (for example, select Maven for Java or
PyPi for Python).
Enter the following details for the new repository:
In the Name field, enter a unique name or identifier for the remote
repository.
In the Remote Storage field, choose from the following:
Java:
https://us-maven.pkg.dev/cloud-aoss/java
Python:
https://us-maven.pkg.dev/cloud-aoss/us-python
Under HTTP, select Authentication.
Specify the following:
In the Authentication type field, enter Username.
In the Username field, enter _json_key_base64.
In the Password field, provide the base64-encoded string of the
service account JSON key file. Use the entire base64 encoded-string
in a single line as password. To get the base64-encoded string, run the
command base64 key-filename.json.
Click Create Repository.
After the new remote repository is set up, point your build tools (for example,
Apache Maven, Gradle Build Tool, or pip) to use this new remote repository.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis guide provides instructions on setting up a remote repository for accessing and downloading Assured OSS packages, with options for either JFrog Artifactory or Sonatype Nexus.\u003c/p\u003e\n"],["\u003cp\u003eBefore proceeding, users must configure Assured OSS by submitting a customer enablement form and validating connectivity for the requested service accounts.\u003c/p\u003e\n"],["\u003cp\u003eWhen setting up a remote repository, users must specify the repository type (e.g., Maven for Java, PyPi for Python) and provide a unique repository key, along with the appropriate URL.\u003c/p\u003e\n"],["\u003cp\u003eBoth JFrog Artifactory and Sonatype Nexus require the use of \u003ccode\u003e_json_key_base64\u003c/code\u003e as the username and the base64-encoded string of the service account JSON key file as the password for authentication.\u003c/p\u003e\n"],["\u003cp\u003eAfter creating the remote repository, build tools like Apache Maven, Gradle, or pip need to be configured to utilize this new remote repository for package access.\u003c/p\u003e\n"]]],[],null,["# Download Assured OSS packages using a remote repository\n\nThis page explains how you can set up a remote repository to access and download\nAssured OSS packages. You have two options for setting up a\nremote repository: JFrog Artifactory or Sonatype Nexus. For more information\nabout repository options, see [Assured OSS repository\noptions](/assured-open-source-software/docs/overview#aoss-repository-options).\n\nThis document applies to the free tier. For the premium tier, see [Download\nAssured OSS packages using a remote\nrepository](/security-command-center/docs/aoss-remote-repository-access).\n\nBefore you begin\n----------------\n\n1. Configure Assured OSS. Submit the\n [customer enablement form](https://developers.google.com/assured-oss#get-started)\n to enable access to Assured OSS.\n\n2. [Validate connectivity](/assured-open-source-software/docs/validate-connection)\n to Assured OSS for the requested service accounts.\n\nSet up a remote repository using JFrog Artifactory\n--------------------------------------------------\n\n1. Sign in to the JFrog Artifactory repository manager. Ensure that you have the required privileges to create a new remote repository.\n2. Select the option to create a new remote repository in your repository manager.\n3. Select the appropriate repository type (for example, select `Maven` for Java or `PyPi` for Python).\n4. Optionally, test the connection to the Java or Python repository\n using the following steps:\n\n 1. In the **Repository Key** field, enter a unique name or identifier for the remote repository.\n 2. In the **URL** field, enter one of the following:\n\n - Java: \n\n ```\n https://us-maven.pkg.dev\n ```\n - Python: \n\n ```\n https://us-python.pkg.dev\n ```\n - Javascript: \n\n ```\n https://us-npm.pkg.dev\n ```\n\n Don't enter the complete domain name as this may return an HTTP `404` or\n HTTP `405` status code.\n 3. Leave the remaining fields blank.\n\n 4. Click **Test**.\n The connection is successful when you see the following output:\n\n `Successfully connected to server`\n5. To create a new remote repository, enter the following information:\n\n 1. In the **Repository Key** field, enter a unique name or identifier for the remote repository. For example, `assured-oss-java-repo`.\n 2. In the **URL** field, enter one of the following:\n\n - Java: \n\n ```\n https://us-maven.pkg.dev/cloud-aoss/java\n ```\n - Python: \n\n ```\n https://us-maven.pkg.dev/cloud-aoss/python\n ```\n 3. In the **User Name** field, enter `_json_key_base64`.\n\n 4. In the **Password** field, provide the base64-encoded string of the\n service account JSON key file. Use the entire base64-encoded string\n in a single line as password. To get the base64-encoded string, run the\n command `base64 `\u003cvar translate=\"no\"\u003ekey-filename.json\u003c/var\u003e.\n\n 5. For Python only, in the **Registry URL** field, enter\n\n ```\n https://us-maven.pkg.dev/cloud-aoss/python\n ```\n\n \u003cbr /\u003e\n\n6. Click **Create Remote Repository**.\n\n For Python packages, append the obtained URL with `/simple`. Use the URL as\n the `index-url` in the `pip install` command to download the required Python\n packages. For example, if the obtained URL of the repository is\n `https://a0a87smb7hcda.jfrog.io/artifactory/api/pypi/assured-oss-python-repo`,\n then the corresponding `index-url` is\n `https://a0a87smb7hcda.jfrog.io/artifactory/api/pypi/assured-oss-python-repo/simple`.\n\nAfter the new remote repository is set up, configure your build tools (for\nexample, Apache Maven, Gradle Build Tool, or pip) to use this new remote\nrepository.\n\n### Known issues\n\nTesting the connection using the **Test** button can return an error even if the\nconnection is configured correctly. We recommend that you create the remote\nrepository irrespective of the test button behavior. For another way of\nconfirming a connection, see [Validate your connection](/assured-open-source-software/docs/validate-connection).\n\nSet up a remote repository using Sonatype Nexus\n-----------------------------------------------\n\n1. Sign in to your Sonatype Nexus repository manager. Ensure that you have the required privileges to create a new remote repository.\n2. Select the option to create a new repository.\n3. Select the appropriate repository type (for example, select `Maven` for Java or `PyPi` for Python).\n4. Enter the following details for the new repository:\n\n 1. In the **Name** field, enter a unique name or identifier for the remote repository.\n 2. In the **Remote Storage** field, choose from the following:\n\n - Java:\n\n ```\n https://us-maven.pkg.dev/cloud-aoss/java\n ```\n\n \u003cbr /\u003e\n\n - Python:\n\n ```\n https://us-maven.pkg.dev/cloud-aoss/us-python\n ```\n\n \u003cbr /\u003e\n\n5. Under **HTTP** , select **Authentication**.\n\n6. Specify the following:\n\n 1. In the **Authentication type** field, enter `Username`.\n 2. In the **Username** field, enter `_json_key_base64`.\n 3. In the **Password** field, provide the base64-encoded string of the service account JSON key file. Use the entire base64 encoded-string in a single line as password. To get the base64-encoded string, run the command `base64 `\u003cvar translate=\"no\"\u003ekey-filename.json\u003c/var\u003e.\n7. Click **Create Repository**.\n\nAfter the new remote repository is set up, point your build tools (for example,\nApache Maven, Gradle Build Tool, or pip) to use this new remote repository.\n\nWhat's next\n-----------\n\n- [Download Java packages using direct repository access](/assured-open-source-software/docs/download-java-packages)\n- [Download Python packages using direct repository access](/assured-open-source-software/docs/download-python-packages)\n- [Set up virtual repository access](/assured-open-source-software/docs/virtual-repository-access)\n- [Supported Java and Python packages](/assured-open-source-software/docs/supported-packages)\n- [Access security metadata using Cloud Storage](/assured-open-source-software/docs/access-metadata-using-cloud-storage)"]]
