Endor Labs provides a secure Maven repository for patched versions of open source dependencies. This guide explains how to connect to the Endor Patch Factory and use Endor patches in your build tools.
See Accessing the Endor Patch repository for detailed instructions on how to access the Endor Patch repository directly and configure your build tools to use Endor patches.
You can start using Endor patches with the following simple steps:
- Create an API key
- Configure your package manager to use Endor patches
- Specify the Endor Patch you want to use
Create an API key
To gain Rest API access to Endor Labs Patch Factory, you have to generate API credentials to authenticate to the repository.
- From Manage, navigate to API Keys.
- Select Generate API Key.
- Enter a name to identify the API key, such as “Endor Patch Factory”.
- Select the permissions to apply to the API Key, you’ll need at least Read Only.
- Select the expiration date of the API key. This may be either 30, 60, or 90 days.
Using these credentials, you can configure Endor Labs your package manager or Artifact Repository proxy to authenticate to the Endor Patch Factory.
Configure Gradle
-
Open the
build.gradlefile of the package you’d like to configure to use patches. -
Include a repositories section in the
build.gradlefile to establish a repository connection to the Endor Labs Patch Factory. Make sure to replacenamespacewith the name of your Endor Labs namespace. -
Include a reference to the Endor Patch version in the
build.gradlefile.The following example repository section shows how to configure Gradle to use the Endor Patch Factory.
repositories { mavenCentral() maven { url "https://factory.endorlabs.com/v1/namespaces/<namespace>/maven2" credentials { username "$ENDOR_API_CREDENTIALS_KEY" password "$ENDOR_API_CREDENTIALS_SECRET" } } } -
Finally, include the Endor Labs patch version you’d like to use. For example, to use the latest patched version from Endor Labs add
-endor-latestto the version of your dependency.The following example dependency section shows how to configure Gradle to use the Endor Patch Factory.
dependencies { implementation("com.fasterxml.jackson.core:jackson-databind:2.9.10.3-endor-latest") }
Configure Maven
-
Open the
pom.xmlfile of the package you’d like to configure to use patches. -
If there is no
<repositories>section in thepom.xml, then create one. -
Include a repositories section in the
pom.xmlfile to establish a repository connection to the Endor Labs Patch Factory. Make sure to replace<namespace>with the name of your Endor Labs namespace.<repositories> <repository> <id>endorlabs</id> <url>https://factory.endorlabs.com/v1/namespaces/<namespace>/maven2</url> </repository> </repositories> -
Next, open the Maven
settings.xmlfile located at$HOME/.m2/settings.xmland add a<server>section to the settings file with your Endor Labs credentials.- The
usernamevalue must be your API key. - The
passwordmust be your API key secret. - The
idvalue must be same as the value provided in thepom.xml.
The following example
settings.xmlfile shows how to configure Maven to use the Endor Patch Factory.<?xml version="1.0" encoding="UTF-8"?> <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> <servers> <server> <id>endorlabs</id> <username>${env.ENDOR_API_CREDENTIALS_KEY}</username> <password>${env.ENDOR_API_CREDENTIALS_SECRET}</password> </server> </servers> </settings> - The
-
Finally, include the Endor Labs patch version you’d like to use in to your manifest. For example, to use the latest patched version from Endor Labs include
-endor-latestto the version of your dependency.The following example dependency section shows how to configure Maven to use the Endor Patch Factory.
<dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.9.10.3-endor-latest</version> </dependency>