How can I funnel all third-party dependencies through Artifactory or a similar self-managed proxy for vulnerability scanning of those 3rd-party packages, and sign and attest them during the build process?
I have engineers and devs pulling dependencies from random places all over the internet. I'd like to let them keep doing this, but also transparently funnel them through a proxy I manage for scanning, with blocking capabilities when backdoors or critical vulnerabilities are found in those 3rd-party packages.
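Once package managers are pointed at the proxy, the remaining gap is a dependency that still resolved directly from the internet. The following is an added example (not from the original post) of a CI-side check that reads an npm `package-lock.json` and flags every dependency whose `resolved` URL is not an https URL on the managed proxy; the proxy hostname and the sample lockfile are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Assumed hostname of the self-managed proxy (constructed for this example).
PROXY_HOSTS = {"artifactory.example.internal"}

def iter_resolved(lock):
    """Yield (name, resolved_url) for each dependency in a package-lock.json.
    lockfileVersion 2/3 carry a flat 'packages' map; v1 nests 'dependencies'."""
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path and "resolved" in meta:  # "" is the root project itself
                yield path.rsplit("node_modules/", 1)[-1], meta["resolved"]
        return
    stack = list(lock.get("dependencies", {}).items())
    while stack:
        name, meta = stack.pop()
        if "resolved" in meta:
            yield name, meta["resolved"]
        stack.extend(meta.get("dependencies", {}).items())

def find_direct_pulls(lock, proxy_hosts=PROXY_HOSTS):
    """Return [(name, url)] for dependencies NOT fetched through the proxy.
    Anything that is not https to an allowed host (public registry, git+ssh,
    file:, plain http) bypassed the scan-and-block step, so it is flagged;
    an empty list means the build may proceed to signing/attestation."""
    violations = []
    for name, url in iter_resolved(lock):
        p = urlparse(url)
        if p.scheme != "https" or p.hostname not in proxy_hosts:
            violations.append((name, url))
    return violations

# Constructed sample lockfile: one compliant package, two direct pulls.
SAMPLE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app"},
    "node_modules/left-pad": {"version": "1.3.0",
      "resolved": "https://artifactory.example.internal/artifactory/api/npm/npm-remote/left-pad/-/left-pad-1.3.0.tgz"},
    "node_modules/some-util": {"version": "0.4.2",
      "resolved": "https://registry.npmjs.org/some-util/-/some-util-0.4.2.tgz"},
    "node_modules/internal-tool": {"version": "2.0.0",
      "resolved": "git+ssh://git@git.example.com/team/internal-tool.git#0123abcd"}
  }
}""")

if __name__ == "__main__":
    for name, url in find_direct_pulls(SAMPLE_LOCK):
        print(f"POLICY VIOLATION: {name} resolved outside the proxy: {url}")
```

Run it as a gate before the signing step so that a non-empty result fails the build rather than producing an attestation for unscanned packages.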