I’m using the Nexus 3.37
Our organization uses some tools to know that there are some vulnerable or dangerous dependent package names in the public network warehouse or nexus local warehouse. If nexus acts as an agent for the public network warehouse of this package, however, users do not know that there is a problem with this package. How to restrict or prohibit users from downloading and using this dependent package on nexus? How can nexus not download (filter out) the specified package from the public network warehouse? Can this function be realized?
Sonatype offers a product that does exactly what you described - Nexus Firewall - which benefits from using high quality data vetted by our security researchers, protecting from vulnerable as well as malicious packages, and protecting you from legal problems by examining incompatibilities of licensing according to your rules.
However, if you want to continue using your current tool and still have Nexus Repository to block access some selected packages, you may look into using Content Selectors
It’s not really designed for this, but you could also use routing rules to block individual packages or paths. Routing Rules
I tried the method which “content selectors” you said,It will be filter the packages and files I want.
Then i create an privilege,and grant this privilege on someone role and binding an user,When i use the filter packages,it still can be download.
Maybe my configuration is wrong, Privilege Actions incloud:
*,I don’t know what would make the package undownloadable.
As @mmartz said,I have realized the function
Thank you all the same!!!
Thank you !
As you say，I realized my needs.
But some problem I still not understand.
According to my understanding,This is a limitation from the public network to the Nexus and from the Nexus to the client. If the Nexus does not have this package, it will not be download from the public network proxy repository to the nexus. If the package was already in the Nexus before the routing rules were added, the client can not download the package yet after adding the routing rules.
Am I right?
Thanks a lot!!!