Package Firewalls
Phylum Package Firewalls allows users to configure their artifact repositories and/or package managers to block untrusted packages.
How It Works​
Instead of pointing your system to the primary ecosystem registry, configure it to point to Phylum. Set your Phylum policy and Phylum will block any package or version that violates the policy.
Supported Ecosystems​
The following table shows the supported ecosystem registries and the custom Phylum registry URLs under which they are hosted:
| Ecosystem | Phylum Registry URL |
|---|---|
| Cargo | https://cargo.phylum.io/ |
| Golang | https://golang.phylum.io |
| Maven | https://maven.phylum.io/ |
| NPM | https://npm.phylum.io/ |
| NuGet | https://nuget.phylum.io/v3/index.json |
| PyPI | https://pypi.phylum.io/simple/ |
| RubyGems | https://rubygems.phylum.io/ |
Configuration​
Instructions for configuring Phylum for artifact repositories and package registries:
Artifact Repositories​
| Artifact Repository | Information Link |
|---|---|
| Artifactory | Documentation |
| Nexus Repository | Documentation |
Package Registries​
| Ecosystem | Information Link |
|---|---|
| Cargo | Documentation |
| Golang | Documentation |
| Maven | Documentation |
| NPM | Documentation |
| NuGet | Documentation |
| PyPI | Documentation |
| RubyGems | Documentation |
Notification API​
Phylum supports sending out notifications whenever a package fails analysis. To receive those notifications, you can setup webhooks.
Currently Unsupported​
If you don't find what you're looking for here, please also see the Currently Unsupported page.
Frequently Asked Questions​
See the FAQ for common questions about using the package firewall.