Artifactory Registry setup

Overview

Feature availability This feature is available with Enterprise plans. See pricing plans for more details.
The Artifactory Package Repository integration currently supports Maven and Node.js (npm and Yarn) projects.
Connecting a custom Artifactory Package Repository enables Snyk to resolve all direct and transitive dependencies of packages hosted on the custom registry and calculate a more complete, accurate dependency graph and related vulnerabilities.
You can configure two types of Artifactory Package Repository:
  1. 1.
    Publicly accessible instances protected by basic authentication
  2. 2.
    Instances on a private network accessed via a Snyk Broker (with or without basic authentication)

Getting started

  1. 1.
    Go to settings
    > Integrations > Package Repositories > Artifactory
  2. 2.
    You should see this screen at the beginning
If you do not see the “Snyk Broker” switch you do not have the necessary permissions and can only add a publicly accessible instance. Contact [email protected] if you want to add a private registry

Set up publicly accessible instances

  1. 1.
    Enter URL of your Artifactory instance, this must end with /artifactory
  2. 2.
    Enter Username
  3. 3.
    Enter Password
  4. 4.
    Hit Save

Set up brokered instances

  1. 1.
    Toggle Artifactory (publicly accessible) switch, you should now see a form for generating an Artifactory Broker token
  2. 2.
    Click on Generate and Save button
  3. 3.
    Copy the token that was generated for you, it will be needed to set up a new Broker Client
  4. 4.
    Pull Broker Artifactory image from Dockerhub:
    1
    docker pull snyk/broker:artifactory
    Copied!
  5. 5.
    Run docker image and provide broker variables
    1
    docker run --restart=always \
    2
    -p 8000:8000 \
    3
    -e BROKER_TOKEN=secret-broker-token \
    4
    -e ARTIFACTORY_URL=acme.com/artifactory \
    5
    -e RES_BODY_URL_SUB=http://acme.com/artifactory \
    6
    snyk/broker:artifactory
    Copied!
  6. 6.
    Check connection status by refreshing Artifactory Integration Settings page, no connection error should be displayed

Broker variables

Variable
Description
BROKER_TOKEN
The token generated in settings
> Integrations > Artifactory
ARTIFACTORY_URL
The URL to your Artifactory instance in the format: [http://][username:[email protected]]hostname[:port]/artifactory
Optional fields
  1. 1.
    Protocol: Defaults to https:// This should only be specified when no certificate is present and http:// is required instead for your instance
  2. 2.
    Basic auth: Omit if no basic auth required. URL encode both username and password info to avoid errors that may prevent authentication.
  3. 3.
    Port: Omit if no port number is needed
Minimal example acme.com/artifactory
Complex example http://alice:[email protected]:8080/artifactory
RES_BODY_URL_SUB
The URL of the Artifactory instance, including http:// and without basic auth credentials. Required for npm/Yarn integrations only.
Example http://acme.com/artifactory
Last modified 7d ago