Package Firewall
The Vulnetix Package Firewall sits between your package manager and upstream registries. It authenticates your organization, checks dependency policy, and proxies allowed packages from trusted mirrors.
Go is the first supported package manager. NPM support is planned next.
Go Setup
Run:
vulnetix package-firewall go
The command:
- verifies your Vulnetix CLI credentials
- derives an API key when your CLI is authenticated with SigV4
- writes Basic auth credentials to
.netrc - persists
GOPROXY=https://packages.vulnetix.com - persists
GOAUTH=netrc - updates detected project files at the git root:
.env,.envrc, andMakefile
Preview changes without writing files:
vulnetix package-firewall go --dry-run
Authentication
Go reads credentials from .netrc when GOAUTH=netrc is set.
Linux and macOS:
machine packages.vulnetix.com
login your-organization-uuid
password your-api-key-hex
chmod 600 ~/.netrc
Windows:
%USERPROFILE%\_netrc
Use the same machine entry:
machine packages.vulnetix.com
login your-organization-uuid
password your-api-key-hex
Manual Go Configuration
The setup command writes the persistent equivalent of:
export GOPROXY="https://packages.vulnetix.com"
export GOAUTH="netrc"
Fish:
set -gx GOPROXY https://packages.vulnetix.com
set -gx GOAUTH netrc
PowerShell:
Add-Content $PROFILE '$env:GOPROXY = "https://packages.vulnetix.com"'
Add-Content $PROFILE '$env:GOAUTH = "netrc"'
CMD:
setx GOPROXY "https://packages.vulnetix.com"
setx GOAUTH "netrc"
Project Files
When run inside a git repository, the CLI updates existing files only:
.env
GOPROXY=https://packages.vulnetix.com
GOAUTH=netrc
.envrc
export GOPROXY="https://packages.vulnetix.com"
export GOAUTH="netrc"
Makefile
export GOPROXY=https://packages.vulnetix.com
export GOAUTH=netrc
Verify
vulnetix auth status
go env GOPROXY GOAUTH
go list -m all
If auth status reports that .netrc permissions are too open, run:
chmod 600 ~/.netrc