You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.
Jfrog has announced the sunset of jcenter/bintray which means we are switching from jcenter to maven central as source of our binaries
Connecting to the Blueriq Artifactory
Blueriq provides the artifacts from every release via an Artifactory as a remote repository. A customer that wants to automate their build process or needs to create their own custom plugins and wants an automated process to retrieve the latest Blueriq dependencies can use this repository to retrieve them. Blueriq will provide a service account to customers meant to be used in an Artifactory or other binary repository manager at their side. To acquire a service account please contact: support@blueriq.com. A customer can create accounts for their employees at their binary repository manager.
The service account provided by Blueriq is not meant to be distributed to users directly and should never be used in the settings.xml of any user/build job. Unfortunately misusage of this account means we will have to disable the service account.
The service account can be used to add https://artifactory.blueriq.com/artifactory/libs-release-R17/ as an remote repository in the binary repository manager of a customer. We also kindly yet urgently request customers to cache the binaries not created by Blueriq at their own from maven central. Please order the remote repositories in such a way that our repository is only checked for the existence of artifacts created by Blueriq.
Security: include/exclude pattern for blueriq artifactory (CVE-2021-24105)
To ensure Blueriq artifacts are the official released artifacts from Blueriq please exclude the following packages from other maven repositories. When this is not done it is possible for an attacker to upload artifacts to a different maven repositories which will have higher precedents then our artifacts and will be downloaded instead of the official released artifacts.
Packages of artifacts that should not be downloaded from other repositories then the blueriq artifactory:
- com.blueriq
- nl.everest
- ibex.ibex
It is also a best practice to have a include pattern to our maven artifactory which should contain only the following packages, this way our artifactory will not be asked for (your internal) artifacts we do not serve:
- com.blueriq
- nl.everest
- ibex.ibex
- org.jfrog.artifactory.client