Download Assured OSS packages using a remote repository

This page explains how you can set up a remote repository to access and download Assured OSS packages. You have two options for setting up a remote repository: JFrog Artifactory or Sonatype Nexus. For more information about repository options, see Assured OSS repository options.

This document applies to the Assured OSS premium tier only. For the free tier, see Download Assured OSS packages using a remote repository.

Before you begin

  1. Integrate Assured OSS with Security Command Center.

  2. Validate connectivity to Security Command Center for the requested service accounts.

Set up a remote repository using JFrog Artifactory

  1. Sign in to the JFrog Artifactory repository manager. Ensure that you have the required privileges to create a new remote repository.
  2. Select the option to create a new remote repository in your repository manager.
  3. Select the appropriate repository type (for example, select Maven for Java or PyPi for Python).
  4. Optionally, test the connection to the Java, Python, or JavaScript repository using the following steps:

    1. In the Repository Key field, enter a unique name or identifier for the remote repository.
    2. In the URL field, enter one of the following:

      • Java:
        https://us-maven.pkg.dev
      • Python:
        https://us-python.pkg.dev
      • Javascript:
        https://us-npm.pkg.dev

      Don't enter the complete domain name as this may return an HTTP 404 or HTTP 405 status code.

    3. Leave the remaining fields blank.

    4. Click Test. The connection is successful when you see the following output:

      Successfully connected to server

  5. To create a new remote repository, enter the following information:

    1. In the Repository Key field, enter a unique name or identifier for the remote repository. For example, assured-oss-java-repo.
    2. In the URL field, enter one of the following:

      • Java:
        https://us-maven.pkg.dev/PROJECT_ID/assuredoss-java
      • Python:
        https://us-python.pkg.dev/
      • JavaScript:
        https://us-npm.pkg.dev/PROJECT_ID/assuredoss-npm

      Replace PROJECT_ID with the ID of the project that you selected when you set up Assured OSS.

    3. In the User Name field, enter _json_key_base64.

    4. In the Password field, provide the base64-encoded string of the service account JSON key file. Use the entire base64-encoded string in a single line as password. To get the base64-encoded string, run the command cat key-filename.json | base64 -w 0.

    5. For Python only, in the Registry URL field, enter

      https://us-python.pkg.dev/PROJECT_ID/assuredoss-python
      .

  6. Click Create Remote Repository.

    For Python packages, append the obtained URL with /simple. Use the URL as the index-url in the pip install command to download the required Python packages. For example, if the obtained URL of the repository is https://a0a87smb7hcda.jfrog.io/artifactory/api/pypi/assured-oss-python-repo, then the corresponding index-url is https://a0a87smb7hcda.jfrog.io/artifactory/api/pypi/assured-oss-python-repo/simple.

After the new remote repository is set up, configure your build tools (for example, Apache Maven, Gradle Build Tool, or pip) to use this new remote repository.

Known issues

Testing the connection using the Test button can return an error even if the connection is configured correctly. We recommend that you create the remote repository irrespective of the test button behavior. For another way of confirming a connection, see Validate your connection.

Set up a remote repository using Sonatype Nexus

  1. Sign in to your Sonatype Nexus repository manager. Ensure that you have the required privileges to create a new remote repository.
  2. Select the option to create a new repository.
  3. Select the appropriate repository type (for example, select Maven for Java or PyPi for Python).
  4. Enter the following details for the new repository:

    1. In the Name field, enter a unique name or identifier for the remote repository.
    2. In the Remote Storage field, choose from the following:

      • Java:

        https://us-maven.pkg.dev/PROJECT_ID/assuredoss-java

      • Python:

        https://us-python.pkg.dev/PROJECT_ID/assuredoss-python

      • JavaScript:

        https://us-npm.pkg.dev/PROJECT_ID/assuredoss-npm

      Replace PROJECT_ID with the ID of the project that you selected when you set up Assured OSS.

  5. Under HTTP, select Authentication.

  6. Specify the following:

    1. In the Authentication type field, enter Username.
    2. In the Username field, enter _json_key_base64.
    3. In the Password field, provide the base64-encoded string of the service account JSON key file. Use the entire base64 encoded-string in a single line as password. To get the base64-encoded string, run the command base64 key-filename.json.
  7. Click Create Repository.

After the new remote repository is set up, point your build tools (for example, Apache Maven, Gradle Build Tool, or pip) to use this new remote repository.

What's next