Package Firewalls
Phylum Package Firewalls allows users to configure their artifact repositories and/or package managers to block untrusted packages.
How It Works
Instead of pointing your system to the primary ecosystem registry, configure it to point to Phylum. Set your Phylum policy and Phylum will block any package or version that violates the policy.
Supported Ecosystems
The following table shows the supported ecosystem registries and the custom Phylum registry URLs under which they are hosted:
Ecosystem | Phylum Registry URL |
---|---|
Cargo | https://cargo.phylum.io/ |
Golang | https://golang.phylum.io |
Maven | https://maven.phylum.io/ |
NPM | https://npm.phylum.io/ |
NuGet | https://nuget.phylum.io/v3/index.json |
PyPI | https://pypi.phylum.io/simple/ |
RubyGems | https://rubygems.phylum.io/ |
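
Repointing a client at the firewall only protects it if no other registry remains configured alongside. The following is an added example, not Phylum's code: it audits the body of a pip.conf and an .npmrc against the PyPI and NPM hosts from the table above. The keys checked are pip's and npm's own settings, and the sample configs are constructed.

```python
import configparser
from urllib.parse import urlparse

# Registry hosts from the table above (PyPI and NPM rows).
PHYLUM_HOSTS = {"pypi": "pypi.phylum.io", "npm": "npm.phylum.io"}

def _host(url):
    """Hostname only, so credentials embedded in a URL never reach a report."""
    return (urlparse(url.strip()).hostname or "").lower()

def audit_pip_conf(text):
    """Findings for a pip.conf body; an empty list means every index is Phylum."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings, saw_index = [], False
    for section in cfg.sections():
        for key, value in cfg.items(section):
            key = key.replace("_", "-")  # pip treats index_url like index-url
            if key not in ("index-url", "extra-index-url"):
                continue
            saw_index = saw_index or key == "index-url"
            for url in value.split():  # extra-index-url may list several URLs
                if _host(url) != PHYLUM_HOSTS["pypi"]:
                    findings.append(f"[{section}] {key} -> {_host(url)}")
    if not saw_index:
        findings.append("no index-url in this file; pip uses its default index")
    return findings

def audit_npmrc(text):
    """Findings for an .npmrc body, including per-scope registry overrides."""
    findings, saw_default = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "registry" or key.endswith(":registry"):
            saw_default = saw_default or key == "registry"
            if _host(value) != PHYLUM_HOSTS["npm"]:
                findings.append(f"{key} -> {_host(value)}")
    if not saw_default:
        findings.append("no registry in this file; npm uses its default registry")
    return findings

# Constructed sample configs (not from the page).
PIP_BAD = "[global]\nindex-url = https://pypi.phylum.io/simple/\nextra-index-url = https://pypi.org/simple\n"
NPM_BAD = "registry=https://npm.phylum.io/\n@acme:registry=https://registry.npmjs.org/\n"

if __name__ == "__main__":
    for finding in audit_pip_conf(PIP_BAD) + audit_npmrc(NPM_BAD):
        print("not firewalled:", finding)
```

Each function inspects a single file body; environment variables and command-line flags can also set a registry and are outside what this check sees.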
Configuration
Instructions for configuring Phylum for artifact repositories and package registries:
Artifact Repositories
Artifact Repository | Information Link |
---|---|
Artifactory | Documentation |
Nexus Repository | Documentation |
Package Registries
Ecosystem | Information Link |
---|---|
Cargo | Documentation |
Golang | Documentation |
Maven | Documentation |
NPM | Documentation |
NuGet | Documentation |
PyPI | Documentation |
RubyGems | Documentation |
Notification API
Phylum supports sending out notifications whenever a package fails analysis. To receive those notifications, you can set up webhooks.
Currently Unsupported
If you don't find what you're looking for here, please also see the Currently Unsupported page.
Frequently Asked Questions
See the FAQ for common questions about using the package firewall.