From c78bbef7270957a4252396458ad9dfe1a5d9ecbc Mon Sep 17 00:00:00 2001 From: Jacek Rzeniewicz Date: Wed, 27 Nov 2024 11:07:58 +0000 Subject: [PATCH] docs: document how to set up local dev tools with Artifactory Just in case anyone (myself in 2 days) isn't sure how to quickly set up local ecosystem tools to try out the plugin - adding some tips to the README. --- README.md | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/README.md b/README.md index 9480bbf..78794f6 100644 --- a/README.md +++ b/README.md @@ -62,3 +62,79 @@ unzip -p distribution/target/artifactory-snyk-security-plugin-LOCAL-SNAPSHOT.zip ## Inspecting plugin logs In order to see the logs, set the log level for Snyk by inserting this line: `` into this file: `distribution/docker/etc/artifactory/logback.xml`. + +## Testing supported ecosystems +Here are some tips for pointing local dev tools to Artifactory in order to try out the plugin. + +### NPM +1. In the Artifactory UI, create a remote NPM repository using Repository Key `npm`. +2. Authenticate your NPM client: `npm login --registry=http://localhost:8081/artifactory/api/npm/npm/ --auth-type=web`. +3. Install a package `npm add jest-get-type@30.0.0-alpha.5 --registry=http://localhost:8081/artifactory/api/npm/npm/ --cache /tmp/npm-cache && rm -rf /tmp/npm-cache` + +### Maven +This actually uses a Gradle project to test: +1. In the Artifactory UI, create a remote Maven repository using Repository Key `maven`. +2. Drop repository coords in `settings.gradle.kts` of your Gradle project (see the snippet below). +```kotlin +pluginManagement { + repositories { + maven { + url = uri("http://localhost:8082/artifactory/maven/") + isAllowInsecureProtocol = true + credentials { + username = "admin" + password = "password" + } + } + gradlePluginPortal() + } +} +``` +3. Make sure the `repositories` block only includes your Artifactory in `build.gradle.kts` (see the second snippet below). +```kotlin +repositories { + maven { + url = uri("http://localhost:8082/artifactory/maven/") + isAllowInsecureProtocol = true + credentials { + username = "admin" + password = "password" + } + } +} +``` +4. Install your project's dependencies. + + +### PyPi +1. In the Artifactory UI, create a remote Pypi repository using Repository Key `pypi`. +2. `pip3 install --index-url http://localhost:8082/artifactory/api/pypi/pypi/simple libdev` + +### Ruby Gems +1. In the Artifactory UI, create a remote Gems repository using Repository Key `rubygems`. +2. Still in the Artifactory UI, navigate to the artifacts view and hit the `Set me up` option. +3. Choose the `rubygems` repository and generate an access token. +4. `gem source -a http://admin:ACCESS_TOKEN_FROM_PREVIOUS_STEP@localhost:8081/artifactory/api/gems/rubygems/` +5. `gem install openssl` + +### Cocoapods +1. In the Artifactory UI, create a remote CocoaPods repository using Repository Key `cocoapods`. +2. Create a `Podfile`: +``` +source "http://localhost:8081/artifactory/api/pods/cocoapods" +project 'project/test/test.xcodeproj' +platform :ios, '10.0' +target 'test' do + use_frameworks! + pod 'Alamofire', '~> 5.10' + pod 'Bolts', '~> 1.9' +end +``` +3. `pod install` + +### Nuget +1. In the Artifactory UI, create a remote Nuget repository using Repository Key `nuget`. +2. `nuget sources Add -Name Artifactory -Source http://localhost:8081/artifactory/api/nuget/nuget` +3. Disable the default source: `nuget sources disable -Name nuget.org`. +4. Verify only Artifactory is enabled: `nuget sources List`. +5. `nuget install Newtonsoft.Json -Version 13.0.1`