Comment on page
Google Artifact Registry
Let's explore GAR and gain an understanding of how to connect it to OX in the best way
Google Artifact Registry is a single place for your organization to manage container images and language packages (such as Maven and NPM). It fully integrates with Google Cloud's tooling and runtimes and supports native artifact protocols.
By connecting GAR, you will gain the ability to generate SBOM from your artifact, OS vulnerability alerts about your containers, and check the artifact integrity of your containers.
For OX to offer maximum protection, we require a Project ID and API key. This page will help you understand how to provide them to us.
Go to your cloud workspace, and create a new principal user with the following custom role:
We kindly ask that you provide us with the following permissions:
After choosing the repositories (inside your organization) that you would like to scan, copy their ID and paste it into OX.
Once you have the API token, encode it to base64 and paste the result into the API token field in the OX platform. You can do so by following these steps:
- Save the API token as a JSON file.
- In your CMD, type the following command:
base64 -w 0 <your file> > mykey
- Paste the result into the API token field in OX