Connecting to the Blueriq Artifactory

Blueriq provides the artifacts from every release via an Artifactory as a remote repository. A customer that wants to automate their build process or needs to create their own custom plugins and wants an automated process to retrieve the latest Blueriq dependencies can use this repository to retrieve them. Blueriq will provide a service account to customers meant to be used in an Artifactory or other binary repository manager at their side. To acquire a service account please contact: support@blueriq.com. A customer can create accounts for their employees at their binary repository manager. 

The service account can be used to add https://artifactory.blueriq.com/artifactory/libs-release-R14/ as an remote repository in the binary repository manager of a customer. We also kindly yet urgently request customers to cache the binaries not created by Blueriq at their own from maven central. Please order the remote repositories in such a way that our repository is only checked for the existence of artifacts created by Blueriq.

Security: include/exclude pattern for blueriq artifactory (CVE-2021-24105)

To ensure Blueriq artifacts are the official released artifacts from Blueriq please exclude the following packages from other maven repositories. When this is not done it is possible for an attacker to upload artifacts to a different maven repositories which will have higher precedents then our artifacts and will be downloaded instead of the official released artifacts.

Packages of artifacts that should not be downloaded from other repositories then the blueriq artifactory:

• com.blueriq
• nl.everest
• ibex.ibex

It is also a best practice to have a include pattern to our maven artifactory which should contain only the following packages, this way our artifactory will not be asked for (your internal) artifacts we do not serve:

• com.blueriq
• nl.everest
• ibex.ibex
• org.jfrog.artifactory.client