Download Assured OSS packages using a remote repository

Stay organized with collections Save and categorize content based on your preferences.

Assured OSS packages are stored on an Artifact Registry repository.

You can access and download the OSS packages in one of two ways:

  • Set up a remote (also called mirror or proxy) repository to act as a proxy for the Assured OSS Artifact Registry repository. You will connect to the mirror repository to download the packages. This method is commonly used in organizations that access OSS packages using a repository manager like Jfrog Artifactory or Sonatype Nexus.

  • Connect to the Assured OSS Artifact Registry repository directly using a service account from build tools like Maven, Gradle, or pip.

This page explains how you can set up a remote or mirror repository to access and download Assured OSS packages.

workflow of a remote repository

Steps

  1. Sign in to your repository manager and make sure you have the required privileges to create a new remote repository.
  2. Add a new remote repository in your repository manager.
  3. Select the appropriate package manager like Maven for Java and PyPi for Python.
  4. Add the following information to the remote repository setup page:
    • Repository Key: A unique name/identifier for the remote repository. For example, my-aoss-java-repo.
    • URL
      • For Java, use - https://us-maven.pkg.dev/cloud-aoss/cloud-aoss-java
      • For Python, use - https://us-python.pkg.dev/cloud-aoss/cloud-aoss-python
    • Username: _json_key_base64
    • Password: base64 encoded string of the entire service account json key file
      • On Linux or Mac, run the command base64 <key-filename.json> to get the base64 encoded string.
      • Make sure that you do not have new line characters in the base64 encoded string. It should be a single-line string when you paste it as a password.
  5. Save the repository.
  6. After the new remote repository is set up, point your build tools like Maven, Gradle or PIP to use this new remote repository.

Learn more

Assured Open Source Software is part of the Software Delivery Shield solution. Software Delivery Shield is a fully-managed, end-to-end software supply chain security solution that helps you to improve the security posture of developer workflows and tools, software dependencies, CI/CD systems used to build and deploy your software, and runtime environments such as Google Kubernetes Engine and Cloud Run. To learn how you can use Assured Open Source Software with other components of Software Delivery Shield to improve the security posture of your software supply chain, see Software Delivery Shield overview.

What's Next?