Integrate with Artifactory

Overview

Integrate with Artifactory to allow Bridgecrew to build dependency trees and suggest fixes based on your private packages.

Note on Artifactory integrations

  • At this time, Bridgecrew can integrate with one Artifactory instance per tenant.
  • Integrations are limited to one registry per package manager.
  • Bridgecrew's Artifactory integration currently supports Maven, Gradle, NPM, Yarn, and Pip.

How to Integrate

Pre-requisites

  1. Ensure your private registry is accessible to Bridgecrew IPs (44.237.183.44 and 35.82.113.182).
  2. Obtain a username and password with proper permissions from Artifactory. You will need read permissions.
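
An added example, not part of the Bridgecrew documentation: one way to check an exported set of firewall rules against the first prerequisite, confirming both Bridgecrew addresses are admitted and flagging any rule that admits them through a wider range than a single host. The rule format, the registry port (443) and the sample rules are assumptions constructed for illustration; only the two addresses come from this page.

```python
import ipaddress

# From this page: the source addresses Bridgecrew connects from.
BRIDGECREW_IPS = [
    ipaddress.ip_address("44.237.183.44"),
    ipaddress.ip_address("35.82.113.182"),
]

# Constructed sample export (hypothetical format, not an Artifactory or
# Bridgecrew schema): one dict per ingress rule in front of the registry.
SAMPLE_RULES = [
    {"cidr": "10.0.0.0/8", "port": 443, "action": "allow"},        # internal users
    {"cidr": "44.237.183.44/32", "port": 443, "action": "allow"},  # exact host
    {"cidr": "35.82.0.0/16", "port": 443, "action": "allow"},      # wider than needed
    {"cidr": "0.0.0.0/0", "port": 22, "action": "deny"},
]


def audit_ingress(rules, registry_port=443):
    """Return (missing, too_broad) for the registry port.

    missing   -- Bridgecrew IPs that no allow rule admits
    too_broad -- allow rules that admit a Bridgecrew IP but cover more
                 than one address (for example a /16 or 0.0.0.0/0)

    Assumption: rules are treated as an unordered allow set; rule
    priority and explicit deny overrides are not modelled.
    """
    allows = [
        ipaddress.ip_network(r["cidr"], strict=False)
        for r in rules
        if r["action"] == "allow" and r["port"] == registry_port
    ]
    missing = [
        str(ip) for ip in BRIDGECREW_IPS
        if not any(ip in net for net in allows)
    ]
    too_broad = sorted(
        str(net) for net in allows
        if net.num_addresses > 1 and any(ip in net for ip in BRIDGECREW_IPS)
    )
    return missing, too_broad


if __name__ == "__main__":
    missing, too_broad = audit_ingress(SAMPLE_RULES)
    print("not reachable from:", missing or "none")
    print("narrow to a /32:", too_broad or "none")
```
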

Setup

  1. Go to Integrations > Add Integration > Package Registries > Artifactory

  2. Add your package manager configurations

View results

  1. Results will be displayed on the Projects page and PR comments will be sourced by default from the private registry.

  2. Checkov will default to using the private registry.
  3. If there is no private bump fix available for a CVE, but there is a fix in a public registry, that will be indicated by the Public Fix label in Projects and the (Public) label in Checkov.

Verify the Integration

You can verify your Artifactory setup on the Integrations page. The status will show next to the Repository.

Modify or Remove the Integration

Modify an integration by navigating to the Integrations page and selecting Add Integration > Artifactory. The wizard will allow you to remove an integration or modify it.

You can also modify and delete an integration from the Integrations table.