Overview
The Google Artifact Registry (GAR) integration allows Backline to access packages from your Google Artifact Registry. This is required for Backline to build and analyze projects that depend on private packages hosted in Google Artifact Registry.What You Can Do
With the GAR integration, Backline can:- Resolve packages from your Google Artifact Registry
- Build and analyze projects that depend on packages in your GAR
- Provide remediation for vulnerabilities in projects using GAR as their package source
Prerequisites
Before connecting GAR, ensure you have:- A Google Cloud account with Artifact Registry repositories
- The Artifact Registry API enabled for your project
- Permissions to create service accounts and assign roles
Enabling the Artifact Registry API
Enable the Artifact Registry API for the Google account you plan on integrating with Backline.Navigate to the API Library
Go to the Artifact Registry API page in the Google Cloud Console.
Creating a Service Account
To enable permissions for GAR integration, you need to create a service account with the appropriate roles.Navigate to Credentials
Go to the Google Cloud Console Credentials page.Select the Google project for which you are creating credentials if it is not already selected.
Create Service Account
Click the Create Credentials button and select Service Account.Give the new service account a unique name and ID, then click Create and Continue.
Assign Permissions
On the Service account permissions page:
- Click Select a role and choose Artifact Registry Reader
- Click Add another role
- Add a role that has the
resourcemanager.projects.listpermission, such as Browser or Viewer - Click Continue, then Done
Generate JSON Key
- In the Service Accounts section, click on the service account you just created
- Go to the Keys tab
- Click Add Key → Create new key
- Select JSON as the key type
- Click Create
Required Permissions
The service account requires the following roles:| Role | Purpose |
|---|---|
| Artifact Registry Reader | Read access to packages and repositories |
| Browser or Viewer | Required for resourcemanager.projects.list permission |
Connecting GAR
After Connection
Once GAR is configured, Backline will:- Use the provided service account to authenticate with Google Artifact Registry
- Access packages from your GAR repositories during dependency analysis
- Provide remediation for projects that depend on packages in your GAR
Managing the Integration
Updating Configuration
To update the integration settings:- Open the Integration Hub
- Click on the Google Artifact Registry integration
- Upload a new JSON key if needed
- Click Save
Rotating Keys
To rotate the service account key:- Generate a new JSON key in the Google Cloud Console (following the steps above)
- Update the key in Backline
- Delete the old key from the Google Cloud Console
Disconnecting
To remove the GAR integration:- Go to the Integration Hub
- Click on the Google Artifact Registry integration
- Select Disconnect
- Confirm your choice
Troubleshooting
Authentication Failed
If Backline cannot authenticate with Google Cloud:- Verify the JSON key file is valid and not corrupted
- Check that the service account hasn’t been deleted
- Ensure the key hasn’t been revoked in the Google Cloud Console
Permission Denied
If Backline cannot access repositories:- Verify the service account has the Artifact Registry Reader role
- Check that the Browser or Viewer role is assigned
- Ensure the Artifact Registry API is enabled for your project
Package Resolution Issues
If specific packages cannot be resolved:- Verify the package exists in your Google Artifact Registry
- Check that the service account has access to the correct project
- Allow a few minutes for the API enablement to propagate