
Connect Package Firewall to package ecosystems

Package Firewall can be configured for artifact repositories or package managers. The recommended method is to use artifact repositories, which provide centralized control and easier policy enforcement.

  1. Artifact repositories: these provide a central location to host or proxy packages. Configuring Package Firewall with artifact repositories is recommended because it centralizes access control for both internal and external packages.

    • Hosted repositories: store internal packages securely and control who can publish or download packages.

    • Proxy repositories: cache packages from public registries while applying Package Firewall policies to ensure that only approved packages are available to developers.

    This approach simplifies policy enforcement, improves security, and provides a single point for monitoring package activity. To learn more about configuring artifact repositories, see Configure artifact repositories.

  2. Package managers: you can configure Package Firewall to work directly with public package registries, such as npm, PyPI, or Maven. In this configuration, Package Firewall evaluates packages as they are downloaded and blocks any that violate your policies.

    • Connect build systems or package managers directly to Package Firewall instead of the public registry.
    • Apply policies to enforce compliance, security, and licensing rules.
    • Monitor downloads and package activity to detect and address potential risks in real time.

    To learn more about configuring package managers, see Configure package managers.
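Whichever method is used, the firewall only protects builds whose clients are actually pointed at it. The following added example (not part of the Package Firewall product or its documentation) audits npm, pip and Maven client configuration for any registry that would bypass the firewall; `FIREWALL_HOST` and the sample configs are constructed placeholders.

```python
# Audit package-manager client config for registries that bypass the firewall.
import configparser
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

FIREWALL_HOST = "firewall.example.internal"  # placeholder: your Package Firewall endpoint

def bypasses(url):
    """True when a registry URL does not go through the firewall host."""
    return urlparse(url.strip()).hostname != FIREWALL_HOST

def audit_npmrc(text):
    """Check the default registry and every scoped `@scope:registry=` entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if (key == "registry" or key.endswith(":registry")) and bypasses(value):
            findings.append(("npm", key, value))
    return findings

def audit_pip_conf(text):
    """Check index-url and every extra-index-url (pip queries all of them)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return [("pip", key, url)
            for key in ("index-url", "extra-index-url")
            for url in cp.get("global", key, fallback="").split()
            if bypasses(url)]

def audit_maven_settings(text):
    """A mirror covering central must use the firewall; no such mirror means direct access."""
    root = ET.fromstring(text)
    covered, findings = False, []
    for mirror in (e for e in root.iter() if e.tag.split("}")[-1] == "mirror"):
        f = {c.tag.split("}")[-1]: (c.text or "").strip() for c in mirror}
        targets = f.get("mirrorOf", "").split(",")  # only "*" and "central" recognised here
        if "*" in targets or "central" in targets:
            covered = True
            if bypasses(f.get("url", "")):
                findings.append(("maven", f.get("id", "?"), f.get("url", "")))
    if not covered:
        findings.append(("maven", "no-mirror", "central reached directly"))
    return findings

# Constructed samples: npm has a scoped bypass, pip a stray extra index, Maven is correct.
SAMPLE_NPMRC = "registry=https://firewall.example.internal/repository/npm/\n@acme:registry=https://registry.npmjs.org/\n"
SAMPLE_PIP = "[global]\nindex-url = https://firewall.example.internal/repository/pypi/simple\nextra-index-url = https://pypi.org/simple\n"
SAMPLE_MAVEN = "<settings><mirrors><mirror><id>fw</id><mirrorOf>*</mirrorOf><url>https://firewall.example.internal/repository/maven/</url></mirror></mirrors></settings>"

def audit_all():
    return audit_npmrc(SAMPLE_NPMRC) + audit_pip_conf(SAMPLE_PIP) + audit_maven_settings(SAMPLE_MAVEN)
```

Run the three audit functions over the real `.npmrc`, `pip.conf` and `settings.xml` of each build agent; any finding is a client that can still pull unreviewed packages from a public registry.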