Skip to main content

Artifact Repositories

Phylum for artifact repositories allows users to configure their artifact repositories and/or package managers to block untrusted packages.

How It Works​

Instead of pointing your system to the primary ecosystem registry, configure it to point to Phylum. Set your Phylum policy and Phylum will block any package or version that violates the policy.

Supported Ecosystems​

The following table shows the supported ecosystem registries and the custom Phylum registry URLs under which they are hosted:

EcosystemPhylum Registry URL
Cargohttps://cargo.phylum.io/
NPMhttps://npm.phylum.io/
PyPIhttps://pypi.phylum.io/simple/
RubyGemshttps://rubygems.phylum.io/

Configuration​

Instructions for configuring Phylum for artifact repositories and package registries:

Artifact Repositories​

Artifact RepositoryInformation Link
ArtifactoryDocumentation

Package Registries​

EcosystemInformation Link
CargoDocumentation
NPMDocumentation
PyPIDocumentation
RubyGemsDocumentation

Notification API​

Phylum supports sending out notifications whenever a package fails analysis. To receive those notifications, you can setup webhooks.