Connect to the Endor Labs Patch Factory

Learn how to connect to the Endor Labs Patch Factory and use an Endor patch.

You can start using Endor patches with 3 simple steps:

  1. Configure an API Key to connect to the Endor Labs Patch Factory
  2. Configure your package manager to use Endor patches.
  3. Specify the Endor Patch you want to use.

Create an API key

To gain Rest API access to Endor Labs Patch Factory, you have to generate API credentials to authenticate to the repository.

  1. From Manage, navigate to API Keys.
  2. Select Generate API Key.
  3. Enter a name to identify the API key, such as “Endor Patch Factory”.
  4. Select the permissions to apply to the API Key, you’ll need at least Read Only.
  5. Select the expiration date of the API key. This may be either 30, 60, or 90 days.

Using these credentials, you can configure Endor Labs your package manager or Artifact Repository proxy to authenticate to the Endor Patch Factory.

Configure Gradle

  1. Open the build.gradle file of the package you’d like to configure to use patches.
  2. Include a repositories section in the build.gradle file to establish a repository connection to the Endor Labs Patch Factory. Make sure to replace with the name of your Endor Labs namespace.
  3. Include a reference to the Endor Patch version in the build.gradle file.

Example repositories section:

repositories {
    mavenCentral()
    maven {
        url "https://factory.endorlabs.com/v1/namespaces/<namespace>/maven2"
        credentials {
            username "$ENDOR_API_CREDENTIALS_KEY"
            password "$ENDOR_API_CREDENTIALS_SECRET"
    }
}

Finally, include the Endor Labs patch version you’d like to use. For example, to use the latest patched version from Endor Labs add -endor-latest to the version of your dependency.

dependencies {
    implementation("com.fasterxml.jackson.core:jackson-databind:2.9.10.3-endor-latest")
}

See configuring a Maven virtual repository for more details on connecting with Endor Labs Patch factory using Artifactory.

Configure Maven

  1. Open the pom.xml file of the package you’d like to configure to use patches.
  2. If there is no section in the pom.xml, then create one.
  3. Include a repositories section in the pom.xml file to establish a repository connection to the Endor Labs Patch Factory. Make sure to replace with the name of your Endor Labs namespace.
<repositories>
  <repository>
    <id>endorlabs</id>
    <url>https://factory.endorlabs.com/v1/namespaces/<namespace>/maven2</url>
  </repository>
</repositories>
  1. Next, open the Maven settings.xml file located at $HOME/.m2/settings.xml and add a section to the settings file with your Endor Labs credentials.
    • The value must be your API key.
    • The must be your API key secret.
    • The value must be same as the value provided in the pom.xml.

Example:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                              http://maven.apache.org/xsd/settings-1.0.0.xsd">
    <servers>
        <server>
            <id>endorlabs</id>
            <username>${env.ENDOR_API_CREDENTIALS_KEY}</username>
            <password>${env.ENDOR_API_CREDENTIALS_SECRET}</password>
        </server>
    </servers>
</settings>
  1. Finally, include the Endor Labs patch version you’d like to use in to your manifest. For example, to use the latest patched version from Endor Labs include -endor-latest to the version of your dependency.
<dependency>
   <groupId>com.fasterxml.jackson.core</groupId>
   <artifactId>jackson-databind</artifactId>
   <version>2.9.10.3-endor-latest</version>
</dependency>

Configure a Maven virtual repository with JFrog’s Artifactory

If your organization uses Artifactory as its primary package repository you’ll need to configure the Artifactory to pull packages from Endor Labs.

  1. Login to Artifactory as an administrator.
  2. From the Admin view go to Repositories.
  3. Configure a new remote repository by selecting Create a Repository.
  4. Ensure you configure a repository of type Maven.
  5. Enter a Repository Key to uniquely identify the repository, such as endorlabs.
  6. Enter the URL https://factory.endorlabs.com/v1/namespaces//maven2. Make sure to replace with the namespace of your Endor Labs tenant.
  7. For the Username field use your Endor Labs API Key.
  8. For the Password field use your API Key Secret.
  9. Make sure to test your configuration.
  10. Finally, create a virtual repository and set it as the first priority remote repository in the virtual repository. You can now use this virtual repository to pull Endor Labs patches.