Note

JFrog has announced the sunset of JCenter/Bintray, which means we are switching from JCenter to Maven Central as the source of our binaries.

Connecting to the Blueriq Artifactory

Blueriq publishes the artifacts from every release through an Artifactory that can be used as a remote repository. A customer who wants to automate their build process, or who builds custom plugins and wants an automated way to retrieve the latest Blueriq dependencies, can retrieve them from this repository. Blueriq will provide customers with a service account meant to be used in an Artifactory or other binary repository manager on the customer's side. To acquire a service account, please contact support@blueriq.com. A customer can create accounts for their employees in their own binary repository manager.

Note

The service account provided by Blueriq is not meant to be distributed to users directly and should never be used in the settings.xml of any user/build job. Unfortunately, misuse of this account means we will have to disable the service account.


The service account can be used to add https://artifactory.blueriq.com/artifactory/libs-release-R14/ as a remote repository in the customer's binary repository manager. We also kindly yet urgently request customers to cache the binaries not created by Blueriq on their own side from Maven Central. Please order the remote repositories in such a way that our repository is only checked for the existence of artifacts created by Blueriq.

Security: include/exclude pattern for the Blueriq Artifactory (CVE-2021-24105)

To ensure that the Blueriq artifacts you download are the official artifacts released by Blueriq, please exclude the following packages from all other Maven repositories. When this is not done, an attacker can upload artifacts to a different Maven repository that has higher precedence than ours, and those artifacts will be downloaded instead of the official released artifacts.

Packages of artifacts that should not be downloaded from repositories other than the Blueriq Artifactory:

  • com.blueriq
  • nl.everest
  • ibex.ibex


It is also a best practice to set an include pattern on our Maven Artifactory that contains only the following packages. This way our Artifactory will not be asked for artifacts we do not serve, such as your internal ones:

  • com.blueriq
  • nl.everest
  • ibex.ibex
  • org.jfrog.artifactory.client
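
The following audit script is an added example, not Blueriq's own tooling. It checks a set of remote repository definitions against the two package lists above. The repository keys and sample patterns are constructed, and the `includesPattern`/`excludesPattern` field names and Ant-style path syntax are assumed to follow the Artifactory repository configuration format.

```python
import re

# Packages the page reserves for the Blueriq repository, plus its include list.
BLUERIQ_ONLY = ["com.blueriq", "nl.everest", "ibex.ibex"]
BLUERIQ_INCLUDE = BLUERIQ_ONLY + ["org.jfrog.artifactory.client"]

def ant_to_regex(pattern):
    """Translate one Ant-style path pattern ('**', '*', '?') into a regex."""
    out, i = "", 0
    while i < len(pattern):
        for token, rx in (("**/", "(?:.*/)?"), ("**", ".*"), ("*", "[^/]*"), ("?", "[^/]")):
            if pattern.startswith(token, i):
                out, i = out + rx, i + len(token)
                break
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def matches(patterns, path):
    return any(ant_to_regex(p.strip()).match(path)
               for p in patterns.split(",") if p.strip())

def serves(repo, group):
    """True if the repo's patterns let an artifact of this groupId through."""
    path = group.replace(".", "/") + "/example/1.0.0/example-1.0.0.jar"  # constructed probe
    include = repo.get("includesPattern") or "**/*"  # assumption: empty means everything
    return matches(include, path) and not matches(repo.get("excludesPattern") or "", path)

def audit(repos, blueriq_key):
    findings = []
    for repo in repos:
        if repo["key"] == blueriq_key:
            # The Blueriq remote should answer only for its own packages.
            findings += [(repo["key"], g, "missing from include") for g in BLUERIQ_INCLUDE if not serves(repo, g)]
            if serves(repo, "org.example.internal"):  # hypothetical internal groupId
                findings.append((repo["key"], "org.example.internal", "include too broad"))
        else:
            # Every other repository must refuse the Blueriq packages.
            findings += [(repo["key"], g, "not excluded") for g in BLUERIQ_ONLY if serves(repo, g)]
    return findings

# Constructed sample configuration; repository keys are hypothetical.
REPOS = [
    {"key": "blueriq-remote", "includesPattern": "com/blueriq/**,nl/everest/**,ibex/ibex/**,org/jfrog/artifactory/client/**", "excludesPattern": ""},
    {"key": "central-ok", "includesPattern": "**/*", "excludesPattern": "com/blueriq/**,nl/everest/**,ibex/ibex/**"},
    {"key": "central-gap", "includesPattern": "**/*", "excludesPattern": "com/blueriq/**"},
]

if __name__ == "__main__":
    for finding in audit(REPOS, "blueriq-remote"):
        print(finding)
```

On the constructed sample, the only findings are for `central-gap`, whose exclude pattern covers `com.blueriq` but leaves `nl.everest` and `ibex.ibex` resolvable from that repository.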

This is for AQ-7500.

Should also be part of AQ-7143.

Blueriq provides an Artifactory containing Blueriq artifacts, which are updated every release. A customer can use this Artifactory in its automated build process to use the latest Blueriq artifacts. Customers can request access by e-mailing support (support@blueriq.com).

If you have access to the Blueriq Artifactory, you need to configure your settings.xml. This file is located in the .m2 Maven home folder, which is usually located in the user home folder.

 

Instructions
Copy the settings.xml below to your settings.xml and replace USERNAME and ENCRYPTED PASSWORD with the appropriate values. The ENCRYPTED PASSWORD is an encrypted version of your password that you can use in configuration files without exposing your actual password. If you only have a password, you can generate an encrypted password on the Artifactory Profile Page by entering your password and pressing unlock.

 

...

settings.xml (XML)

...