User Guide
  • Fundamentals
    • Quick Start Guide
      • Signing Up
      • Package Discovery
        • Connecting to GitHub
        • Connecting to GitLab
        • Connecting to Azure DevOps
        • Connecting to the CI Pipeline
        • Connecting to the Artifact Server
      • Package Sealing
        • Integrating the CLI in the CI
        • Editing Dependencies
    • Deployments
      • Choosing Your Deployment
      • Automatic Remediation
      • Remote Configuration
      • Local Configuration
      • Artifact Server
    • CLI
      • Download and Installation
      • Scanning
      • Fixing All Dependencies
      • Fixing Specific Dependencies
      • Fixing OS Vulnerabilities
      • Integrating with the CI
      • Uploading Scan Results
      • Commands
      • SCA Integrations
      • JFrog Integration
      • Usage Examples
        • Sealing Application Dependencies
        • Sealing Linux Environments
    • Artifact Server
      • Generating a Token
      • Artifact Server Ordering
      • Configuring the Package Manager
        • Configuring apk
        • Configuring Composer
        • Configuring Go
        • Configuring Gradle
        • Configuring Maven
        • Configuring npm
        • Configuring pip
        • Configuring Poetry
        • Configuring yarn
        • Configuring yum
      • Clearing the Cache
      • Editing Your Dependencies
    • Web Interface
      • Rules Screen
  • FAQ
  • Vulnerability Disclosure
Powered by GitBook
On this page
  • Recommended ordering
  • Privacy-focused ordering
  1. Fundamentals
  2. Artifact Server

Artifact Server Ordering

PreviousGenerating a TokenNextConfiguring the Package Manager

Last updated 10 months ago

When using the , special care must be given to the ordering of the servers in the package manager's configuration.

Keep in mind the following considerations:

  1. Seal Security's artifact server automatically redirects downloads of regular packages to the global servers (for example for npm packages it redirects to ).

  2. Seal Security's artifact server will not redirect downloads to any private artifact server.

  3. To provide full visibility of downloaded packages, all download requests must go through Seal Security's artifact server.

Recommended ordering

The following ordering of artifact servers is the recommended configuration:

  1. Private server

  2. Seal Security's server

With this configuration, the Seal platform has maximum visibility of downloaded packages. Note that the global server need not appear in the list, because downloads of regular packages are redirected there by Seal.

Privacy-focused ordering

The following ordering of artifact servers can provide additional privacy for organizations that do not want to share with Seal Security the list of packages they depend on:

  1. Private server

  2. Global server

  3. Seal Security's server

Note that with this configuration the Seal server is only used when pulling sealed versions, so Seal Security has no visibility of the regular packages downloaded by the organization. Used this way Seal must rely on a repository to provide vulnerability alerts.

artifact server deployment
https://registry.npmjs.org
connection to the source code