NPM registry Integration

Integrating with npm registry

Integrating your private npm registry into Jit enhances your organization's security by enabling Jit to scan for dependencies vulnerabilities (SCA) in both your public and private npm packages. Our guide provides clear steps for a secure setting of this integration.

Requirements

  1. Jit GitHub integration or Jit GitLab integration
  2. npm private packages.
  3. A read-only access token to integrate into the private npm packages.

Activating the SCA Plan

  1. Go to Security Plans, locate Jit MVS, and click on View Plan. (Learn more on Jit MVS)
  2. In Application Security, locate Scan Your Code Dependencies for Vulnerabilities (SCA), and click Activate. (Learn more on Scan Your Code Dependencies for Vulnerabilities (SCA))
  3. A pop-up will appear. Mark Integrate with a private registry and click Connect

  1. Enter the access token you've generated and click Create secret

👍

That's it. Jit will now scan your private packages as well.

Additional options to activate, including existing users

  1. Add the secret directly to Secrets. The name must be NPM_REGISTRY_TOKEN
  2. Locate the tool under Integrations and click Connect

If the security requirement is already activated (e.g., for existing users), the integration will start to take effect in the following scan

🚧

Pay attention! In these options, you will still need to click activate on the SCA security requirement under Jit MVS plan

The pop-up will be skipped

Deactivating the integration

  1. Go to the Secrets and delete the NPM_REGISTRY_TOKEN token.
  2. Revoke the token on npm side, see Revoking access tokens.