Quickstart guide

Quickstart: Firewall for your dependencies


Bytesafe is a firewall for your dependencies. Protect your applications, stay in control and keep unwanted dependencies out of your organization.

By adding your dependencies to Bytesafe and working directly with our fully managed private registries you get a single source for secure dependencies for your whole organization. Don’t forget to set up a Firewall registry and make it work for you by blocking threats from getting into your organization.

Best of all, developers and CI/CD can continue using regular tools like npm, mvn, nuget, pip and even IDEs when accessing dependencies. Or link Git repositories directly to Bytesafe for continuous software composition analysis.

1. Configure access

Accessing Bytesafe private registries requires a secure access token. Bytesafe users create their own access tokens, either for personal use or for use with CI/CD.

For npm, create a token using npm login, which automatically adds it to the .npmrc file.

For NuGet, create a token in Bytesafe and add it to your NuGet.Config file with nuget.

For Maven, create a token in Bytesafe and add it to your ~/.m2/settings.xml file.

For Pip, create a token in Bytesafe and add it to your ~/.netrc file.

2. Add dependencies to your workspace

Bytesafe is nothing without packages. Users can add their own internal packages or pull external dependencies from public registries. Add dependencies as part of regular install processes or curate registries beforehand.

Add dependencies with:

  • Install - add dependencies to your project and pull them into Bytesafe from upstreams using the tools you are used to, such as npm or mvn.
  • Publish - publish and deploy a package from your local environment using the tools you are used to, such as npm or mvn.
  • Upload - upload package files directly in the Bytesafe web-app

For more details see ecosystem specific information: adding npm packages, NuGet packages, Maven artifacts and Python packages.

3. Invite your team

Stay secure by giving access to other team members and systems you work with.

  • Invite team members and make sure every developer and stakeholder has access to secure dependencies
  • Create secure access tokens for CI/CD and configure builds to use Bytesafe. Get secure dependencies when building and deploying applications
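A check a CI build can run to confirm that every package in an npm lockfile was resolved through the private registry rather than fetched directly from a public one. This is an added example, not Bytesafe's own code; the host registry.example.invalid and the sample lock data are hypothetical placeholders.

```python
from urllib.parse import urlsplit

# Hypothetical registry host and constructed sample lock data (lockfileVersion 3).
ALLOWED_HOST = "registry.example.invalid"
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-pad": {
            "resolved": "https://registry.example.invalid/left-pad/-/left-pad-1.3.0.tgz"},
        "node_modules/is-odd": {"resolved": "https://registry.npmjs.org/is-odd/-/is-odd-3.0.1.tgz"},
        "node_modules/internal-lib": {
            "resolved": "git+ssh://git@git.example.invalid/team/internal-lib.git#0000000"},
    },
}


def iter_resolved(lock):
    """Yield (entry name, resolved URL or None) for each installed package."""
    if "packages" in lock:  # lockfileVersion 2 and 3: flat map keyed by path
        for path, meta in lock["packages"].items():
            # Skip the root project, workspace folders, symlinks and bundled deps.
            if "node_modules/" not in path or meta.get("link") or meta.get("inBundle"):
                continue
            yield path, meta.get("resolved")
    else:  # lockfileVersion 1: nested "dependencies" objects
        stack = list(lock.get("dependencies", {}).items())
        while stack:
            name, meta = stack.pop()
            if not meta.get("bundled"):
                yield name, meta.get("resolved")
            stack.extend(meta.get("dependencies", {}).items())


def audit_lockfile(lock, allowed_host=ALLOWED_HOST):
    """Return (name, resolved) pairs not fetched over HTTPS from allowed_host."""
    violations = []
    for name, resolved in iter_resolved(lock):
        parts = urlsplit(resolved or "")
        # Exact host match defeats lookalike hosts; a missing URL is reported as unverifiable.
        if parts.scheme != "https" or parts.hostname != allowed_host:
            violations.append((name, resolved))
    return sorted(violations, key=lambda v: v[0])


if __name__ == "__main__":
    for name, resolved in audit_lockfile(SAMPLE_LOCK):
        print(f"not from {ALLOWED_HOST}: {name} -> {resolved}")
```

To audit a real project, pass the result of json.load on its package-lock.json to audit_lockfile and fail the build when the returned list is not empty.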

4. Manage security & compliance

Bytesafe offers a number of security and compliance features enabled out of the box.

  • Vulnerability scanner is enabled for all registries by default, scanning packages for known vulnerabilities.
  • License compliance identifies open source licenses in your dependencies with configurable license policies.
  • Issues are automatically created for all problems identified in Bytesafe.

Demo registry to get you started

When you create a workspace, a demo registry is prepared for you, complete with a range of example packages, issues and notifications, so you can jump right in to exploring!

When you are ready to take the next step, you can create additional registries for Maven or npm and add the packages you depend on.