You require a service account to access the Assured Open Source Software (Assured OSS) repository and download packages. You also require the service account to access any of the Assured OSS APIs. It's recommended that you create a new service account to use exclusively for Assured OSS. However, you can also use an existing service account.
To learn how to set up service accounts, see Creating and managing service accounts.
To learn how to create a service account key, see Create and manage service account keys.
To learn about best practices for creating and managing service accounts, see Best practices for working with service accounts.
Get required permissions
After you set up the service account, share the email address for the service account
with the Assured OSS services team using a secure communication channel.
The team grants the required permissions to access and download software packages
and security metadata to the service account.
Assured Open Source Software is part of the Software Delivery Shield solution. Software Delivery Shield is a fully-managed, end-to-end software supply chain security solution that helps you to improve the security posture of developer workflows and tools, software dependencies, CI/CD systems used to build and deploy your software, and runtime environments such as Google Kubernetes Engine and Cloud Run. To learn how you can use Assured Open Source Software with other components of Software Delivery Shield to improve the security posture of your software supply chain, see Software Delivery Shield overview.
- Learn how to download Java and Python packages using a remote repository.
- Learn how to download Java packages using direct repository access.
- Learn how to download Python packages using direct repository access.
- Access security metadata using API.
- Subscribe to notifications.
- Verify the signature on the packages.