JFrog Artifactory
Route your registry traffic through Aikido's registry proxy by configuring JFrog Artifactory as an intermediary. Artifactory pulls packages from Aikido instead of the public registries, so every package your team installs is checked for malware, age restrictions, and known vulnerabilities.
In Aikido, go to Settings > Registry Proxy, select NPM or PyPI, and copy the upstream proxy URL.

In Artifactory, go to Administration > Repositories.
Click New Repository and select Remote.
Set Package Type to npm or PyPI.
Give the repository a key, for example aikido-npm or aikido-pypi.
Set the URL field to your Aikido proxy URL from step 1.
Save the repository.
If you also have internal packages stored in a local Artifactory repository, create a Virtual Repository that aggregates both:
Go to Administration > Repositories > New Repository > Virtual.
Set Package Type to match your remote repository (npm or PyPI).
Add your local repository and the remote aikido-npm or aikido-pypi repository as members.
Point your package manager at the virtual repository URL instead.
This gives your team a single registry endpoint that serves both internal packages and externally proxied packages through Aikido.
Point each developer's package manager at the Artifactory repository. See JFrog's documentation for the exact steps.
Once Artifactory is in place, developers can still bypass it by pointing their package manager directly at the public registry. Deploy Aikido Device Protection to enforce that all traffic goes through your private registry.
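To spot the bypass described above in developer configuration, the following added example (not Aikido or JFrog code) parses `.npmrc` and `pip.conf` text and reports every registry or index setting that does not point at your Artifactory host. The hostname `artifactory.example.com`, the repository keys `npm-virtual` and `pypi-virtual`, and the sample configs are placeholders constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Assumption: placeholder hostname for your Artifactory instance.
ALLOWED_HOST = "artifactory.example.com"

# Constructed sample configs (not from a real machine).
SAMPLE_NPMRC = """\
registry=https://artifactory.example.com/artifactory/api/npm/npm-virtual/
@acme:registry=https://registry.npmjs.org/
//artifactory.example.com/artifactory/api/npm/npm-virtual/:_authToken=${NPM_TOKEN}
"""
SAMPLE_PIP_CONF = """\
[global]
index-url = https://artifactory.example.com/artifactory/api/pypi/pypi-virtual/simple
extra-index-url = https://pypi.org/simple
"""

def npmrc_registries(text):
    """Return (key, url) for each registry line in .npmrc text, scoped ones included."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "registry" or key.endswith(":registry"):
            found.append((key, value.strip("\"'")))
    if not any(key == "registry" for key, _ in found):
        # No default registry line: npm falls back to the public registry.
        found.append(("registry", "https://registry.npmjs.org/"))
    return found

def pip_indexes(text):
    """Return (section.key, url) for index-url and extra-index-url in pip.conf text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    found = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if key.replace("_", "-") in ("index-url", "extra-index-url"):
                found.extend((f"{section}.{key}", url) for url in value.split())
    return found

def bypasses(settings, allowed_host=ALLOWED_HOST):
    """Keep only the settings whose URL host is not the approved Artifactory host."""
    return [(k, u) for k, u in settings if urlparse(u).hostname != allowed_host]

if __name__ == "__main__":
    for finding in bypasses(npmrc_registries(SAMPLE_NPMRC) + pip_indexes(SAMPLE_PIP_CONF)):
        print("not routed through Artifactory:", finding)
```

The check only sees what is written in these files; settings supplied outside them are not covered, which is why the enforcement step above still matters.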