Integrating your private npm registry into Jit enhances your organization's security by enabling Jit to scan for dependency vulnerabilities (SCA) in both your public and private npm packages. This guide walks through setting up the integration securely.
Before you begin, make sure you have:
- The Jit GitHub integration set up.
- Private npm packages.
- A read-only access token for the private npm packages. Use a read-only token so that the credential stored in Jit can fetch packages but cannot publish or modify them.
- For more details on creating the token, see Using private packages in a CI/CD workflow.
To connect the private registry from the Jit MVS plan:
- Go to Security Plans, locate Jit MVS, and click View Plan. (Learn more on Jit MVS)
- Under Application Security, locate Scan Your Code Dependencies for Vulnerabilities (SCA) and click Activate. (Learn more on Scan Your Code Dependencies for Vulnerabilities (SCA))
- A pop-up will appear. Mark Integrate with a private registry and click Connect.
- Enter the access token you've generated and click Create secret.
That's it. Jit will now scan your private packages as well.
Alternatively, you can provide the token in one of two other ways:
- Add the secret directly under Secrets. The name must be NPM_REGISTRY_TOKEN.
- Locate the tool under Integrations and click Connect.
If the security requirement is already activated (e.g., for existing users), the integration will take effect on the next scan.
Pay attention! With these options, you still need to click Activate on the SCA security requirement under the Jit MVS plan; the pop-up will be skipped.
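Whichever option you choose, the token should reach the scanner only through the NPM_REGISTRY_TOKEN secret, never as a literal value in a committed .npmrc. The POSIX shell script below is an added example (not part of the Jit documentation or of Jit's own tooling): it writes an .npmrc that points npm at the token through the environment variable, and it checks an existing .npmrc for a pasted-in literal token so the file can be gated before commit. The @myorg scope, the registry host and the file paths are assumptions; adjust them for your registry.

```shell
#!/bin/sh
# Added example, not part of the Jit documentation or of Jit's tooling.
# Assumes the scan job receives the read-only token through the
# NPM_REGISTRY_TOKEN environment variable (the secret name the page requires)
# and that the private packages live under a constructed scope, @myorg, on
# registry.npmjs.org. Adjust the scope and registry host for your setup.

# Write an .npmrc that references the token via ${NPM_REGISTRY_TOKEN}.
# The heredoc delimiter is quoted, so the shell does not expand the variable:
# npm expands it at run time, and the file never contains the secret itself.
write_npmrc() {
  cat > "$1" <<'EOF'
@myorg:registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_REGISTRY_TOKEN}
EOF
}

# Return 0 if the file contains what looks like a literal npm token
# (granular "npm_..." tokens or legacy 36-character UUID-style tokens),
# 1 otherwise. Suitable as a pre-commit check.
npmrc_has_literal_token() {
  grep -Eq '_authToken=[[:space:]]*(npm_[A-Za-z0-9]+|[0-9a-fA-F-]{36})' "$1"
}

# Return 0 if the file reads the token from the environment as intended.
npmrc_uses_env_token() {
  grep -Fq '_authToken=${NPM_REGISTRY_TOKEN}' "$1"
}

# Combined check with a human-readable verdict; exit status 0 means safe,
# 1 means a literal token was found, 2 means no env-var reference exists.
check_npmrc() {
  if npmrc_has_literal_token "$1"; then
    echo "UNSAFE: $1 contains a literal npm token; move it to NPM_REGISTRY_TOKEN" >&2
    return 1
  fi
  if ! npmrc_uses_env_token "$1"; then
    echo "WARNING: $1 does not reference \${NPM_REGISTRY_TOKEN}" >&2
    return 2
  fi
  echo "OK: $1 reads the registry token from the environment"
  return 0
}

# Usage: sh npmrc-check.sh path/to/.npmrc
if [ -n "${1:-}" ]; then
  check_npmrc "$1"
fi
```

Run `check_npmrc` against the repository's .npmrc in a pre-commit hook or CI step; a non-zero exit stops a literal token from being committed, while the environment-variable form keeps the file safe to share and lets the scan job supply the secret at run time.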