Integrate with Artifactory to allow Bridgecrw to build out dependency trees and fix suggestions based on your private packages.
Note on Artifactory integrations
- At this time, Bridgecrew can integrate with one Artifactory instance per tenant.
- Integrations are limited to one registry per package manager
- Bridgecrew's Artifactory integration currently supports Maven, Gradle, NPM, Yarn, and Pip
- Ensure your private registry is accessible to Bridgecrew IPs (18.104.22.168 and 22.214.171.124)
- Obtain a username and password with proper permissions from Artifactory. You will need read permissions.
- Go to Integrations > Add Integration > Package Registries > Artifactory
- Add your package manager configurations
- Results will be displayed on the Projects page and PR comments will be sourced by default from the private registry.
- Checkov will default to using the private registry.
- If there is no private bump fix available for a CVE, but there is a fix in a public registry, that will be indicated by the
Public Fixlabel in projects and
(Public)label in Checkov.
You can verify your Artifactory setup on the Integrations page. The status will show next to the Repository.
Modify an integration by navigating to the Integrations page and selecting Add Integration > Artifactory. The wizard will allow you to remove an integration or modify it.
You can also modify and delete an integration from the Integrations table.
Updated 5 months ago