Repository Management

The Repository Firewall license enables access to the Repository Managers hierarchy in the Organizations and Policies section of IQ Server. As with organizations and applications, administrators may use the Repository Management pages to centrally manage policies, access controls, and configuration for Repository Firewall from within the IQ Server.

Tip

The features discussed in this section require a Repository Firewall license.

In this topic, the following terms are used with these specific meanings, since each may otherwise refer to more than one thing:

  • repository manager - refers to the artifact repository that is connected to the IQ Server (e.g., Nexus Repository, JFrog Artifactory)

  • repository - refers to an individual repository configured in a repository manager (e.g., maven-central, npm hosted)

  • proxy/remote - refers to a repository where components are downloaded from public repositories

  • hosted - refers to a repository where components are stored on the repository manager

Repository Managers overview page

The overview page is the top-level container listing the repository managers configured with Repository Firewall. After a repository manager has been connected to the IQ Server, it is added here with a unique identifier.

See the Repository Firewall Guided Setup for details on connecting a repository manager.

In this view, all the repository managers connected to the IQ Server are managed at a high level.

  • Set universal policies and policy inheritance for use on all repository managers and their proxy repositories

  • Assign access to all repository managers

  • Set namespace protection for all repository managers

Repository Managers Overview sections

The overview page has the following sections that may be configured for all repositories:

Configuration

List of repository managers with their configured repositories in a nested table.

  • The repository name and format filters may be used to limit the list displayed

  • Selecting a proxy repository will open the repository audit results. See Repository Results for details

  • View the hosted repositories from this repository manager.

  • Repositories may be removed from the configuration using the trashcan icon for that repository

    (Note: this action will not delete the repository from the repository manager)

Policy

Inherited policies from the root organization and custom policies set for all repository managers.

  • Policy actions may be overridden for all repository managers when enabled at the root organization.

  • Firewall policies can be added for all repository managers. These policies are not scoped to organizations or applications.

Namespace Confusion Protection

List of namespaces protected for all repositories. See Namespace Confusion Protection.

Access

Access control for who may view repository audit reports or manage the Firewall configuration.

Edit the repository manager label

The unique identifier for any repository manager may be modified with a human-recognizable name for easier identification. We recommend using a name that is common to users in your organization.

  1. Select the pencil icon on the right of the repository instance to Edit the name.

  2. Edit the Repository Manager Name to a meaningful identifier

  3. Select Update to save

Single repository manager view

You may access the details page for a single repository manager from the left-hand menu dropdown. This view lets you manage the configuration of a specific repository manager.

  1. When the complete listing of repository managers is not displayed, selecting the Repository Managers title will drop down the complete listing of repository managers.

  2. Selecting a single repository manager in the list will navigate to this repository manager's view.

Single repository manager sections

The single repository manager view has the same sections as the overview page; however, they are scoped to the single repository manager. This provides granular access control over an individual repository manager's configuration and allows policies to be scoped to that repository manager.

  • Configuration - Filter by repository name or format; remove a repository from configuration.

  • Policies - Set policies scoped to this specific repository manager; override actions and notifications on inherited policies.

  • Namespace Confusion Protection - configure namespaces used in this repository manager.

  • Access - allow access to repository results and configuration for this repository manager.

Single repository manager actions

The single repository manager view provides the actions menu for only this repository manager.

Repository Manager ID to Clipboard

The unique repository manager ID can be used to identify the instance in log files in IQ Server or in Nexus Repository even after the repository manager name has been set to a human-readable name.

Edit Repository Manager Name

Opens the Edit repository manager name dialog as shown above.

Delete [Repository Manager name]

Used to remove the repository manager from the IQ Server configuration.

Single repository manager navigation

Breadcrumbs in the top navigation can be used to return to higher levels in the repository managers hierarchy. When navigating to the repository results, the back navigation will return to this view.

When in the single repository manager view the side navigation will include the proxy and hosted repositories for this repository manager. The side menu can be expanded or collapsed.

  • The proxy repository may be selected to view the repository configuration page for that proxy

  • Hosted repositories may be selected to view the hosted repository configuration page

Proxy repository configuration page

Use this summary page for proxy repository configuration to manage access to individual proxy reports and to apply policies to specific repositories. Similar to the rest of the hierarchy, access control and policy are inherited from the Root Organization, the Repository Managers container, and the configuration set on the specific repository manager where the proxy is configured.

  • Follow the best practice to enable or override enforcement of policies managed at the root organization or the Repository Managers container. Enable enforcement that does not apply to all proxy repositories.

  • Set policies on a specific proxy repository that are an exception to the rest of the organization's governance policy

  • Use the access controls on the specific repository for fine-tuned access to a single proxy

  • Set violation notifications unique to this repository such as from a testing environment