Skip to content

CodeScoring OSA

Overview

CodeScoring implements the OSA module through specialized plugins that block the downloading of unwanted components into the Sonatype Nexus Repository and JFrog Artifactory.

The plugin is built into the request|response chain of Sonatype Nexus Repository and JFrog Artifactory, which ensures that unwanted components are blocked during any attempt to download them using the command interface of the selected package manager or the web interface.

Recommendations for installing and configuring the plugin:

Archive analysis

The plugins support scanning archives in the following formats:

Ecosystem Archive format
Maven .jar, .war, .ear
NPM .tgz
PyPI .zip, .tar, .tgz, .tar,gz, .tar.bz2, .egg, .whl
Nuget .nupkg
Cocoapods .tar.gz, .zip
Go .mod, .zip
Gems .rz, gz .gem
Debian .deb, .xz, .gz
Yum .rpm
Alpine .apk
Docker .json