Repository Management
The Repository Firewall license enables access to the Repository Managers
hierarchy on the Organizations and Policies
section of IQ Server. Similar to managing organizations and applications, from the Repository Management pages administrators may centrally manage policies, access controls, and configuration for Repository Firewall from within the IQ Server.
Tip
The features discussed in this section require a Repository Firewall license.
In this topic, we will use the following terms as they may refer to more than one thing:
repository manager - refers to the artifact repository that is connected to the IQ Server (eg. Nexus Repository, JFrog Artifactory)
repository - refer to the individual repository configured in a repository manager (eg. maven-central, npm hosted, etc.)
proxy/remote - refers to a repository where components are downloaded from public repositories
hosted - refers to a repository where components are stored on the repository manager
Repository Managers overview page
The top-level container listing the repository managers configured with Repository Firewall. After a repository manager has been connected to the IQ Server, it is added here with a unique identifier.
See the Repository Firewall Guided Setup for details on connecting a repository manager.
In this view, all the repository managers connected to the IQ Server are managed at a high level.
Set universal policies and policy inheritance for use on all repository managers and their proxy repositories
Assign access to all repository managers
Set namespace protection for all repository managers
Repository Managers Overview sections
The overview page has the following sections that may be configured for all repositories:
List of repository managers with their configured repositories in a nested table.
| |
Inherited policies from the root organization and custom policies set for all repository managers.
| |
List of namespaces protected for all repositories. See Namespace Confusion Protection | |
Access control for who may view repository audit reports or manage the Firewall configuration. |
Edit the repository manager label
The unique identifier for any repository manager may be modified with a human-recognizable name for easier identification. We recommend using a name that is common to users in your organization.
Select the pencil icon on the right of the repository instance to
Edit
the name.Edit the
Repository Manager Name
to a meaningful identifierSelect
Update
to save
Single repository manager view
You may access the details page for a single repository manager from the left-hand menu dropdown. This view will let you manage configuring for a specific repository manager.
When the complete listing of repository managers is not displayed, selecting the
Repository Managers
title will drop down the complete listing of repository managers.Selecting a single repository manager in the list will navigate to this repository manager's view.
Single repository manager sections
The single repository manager view has the same sections as the overview page, however they are scoped to the single repository. This provides for granular access control of individual repository manager's configuration as well as allows for policies to be scoped to the single repository manager.
Configuration - Filter by repository name or format; remove a repository from configuration.
Policies - Set policies scoped to this specific repository manager; override actions and notifications on inherited policies.
Namespace Confusion Protection - configure namespaces used in this repository manager.
Access - allow access to repository results and configuration for this repository manager.
Single repository manager actions
The single repository manager view provides the actions menu for only this repository manager.
The unique repository manager ID can be used to identify the instance in log files in IQ Server or in Nexus Repository even after the repository manager name has been set to a human-readable name. | |
Opens the Edit repository manager name dialog as shown above. | |
Used to remove the repository manager from the IQ Server configuration. |
Proxy repository configuration page
Use this summary page for proxy repository configuration to manage access to individual proxy reports and to apply policies to specific repositories. Similar to the rest of the hierarchy, access control and policy are inherent from; the Root Organization, the Repository Managers container, as well as the configuration set on the specific repository manager where the proxy is configured.
Follow the best practice to enable or override enforcement of policies managed at the root organization or the Repository Managers container. Enable enforcement that does not apply to all proxy repositories.
Set policies on a specific proxy repository that are an exception to the rest of the organization's governance policy
Use the access controls on the specific repository for fine-tuned access to a single proxy
Set violation notifications unique to this repository such as from a testing environment