Seedwing Proxy

The Seedwing Proxy is a stateless proxy that sits between a build pipeline and any upstream repository contributing to the build.

By applying a build-specific policy, the Seedwing Proxy will allow or disallow access to the upstream artifacts based upon signatures in Sigstore, and possibly In-Toto in the future.

Configuration

Despite its name, this is not a web/http proxy in the conventional sense. It behaves as a local registry, proxying requests for software artifacts to an actual repository and returning them only if they match a given policy.

Cargo

In .cargo/config:

[source.seedwing]
registry = "http://localhost:8181/crates-io/"

[source.crates-io]
replace-with = "seedwing"

Maven

In settings.xml:

<settings>

  <mirrors>
    <mirror>
      <id>seedwing</id>
      <name>Seedwing "Proxy" Repository</name>
      <url>http://0.0.0.0:8181/m2/</url>
      <mirrorOf>central</mirrorOf> <!-- This is important -->
    </mirror>
  </mirrors>
  ...
</settings>

About

Policy-enforcing Artifact Proxy

Apache License 2.0

Languages

Language:Rust 95.0%Language:HTML 4.9%Language:CSS 0.2%