Private Dependencies
Analyzing a private project sometimes needs access to another private repository. Your team might be using a Git repository to distribute a private library. This kind of dependency is supported in some tools including Bundler, npm.
We support using SSH to access a private repository during an analysis session.
Generating an SSH private key
When you click the “Generate Key” button, Sider generates a 4096 bit RSA key used in analysis sessions automatically.
We strongly recommend against adding secret keys to public repositories. Their analysis results are publicly accessible, and your secret keys might get exposed.
Downloading the SSH public key
After generating, you can download the SSH public key used in analysis sessions from this page. The key is able to be added as Deploy Keys in GitHub.
The SSH public key is supposed to be configured in another repository.
For example, think about the case your repository A depends on another private repository B, which is hosted on GitHub. You should configure following the steps:
- Access the repository settings page of A on Sider
- Click "Generate Key"
- Click "Download Public Key"
- Access the repository settings page of B on GitHub
- Click "Deploy keys"
- Click "Add deploy key"
- Copy the downloaded public key and paste it in "Key" input form
- Click "Add key"
Using SSH
Currently, only a few analysis tools use an SSH configuration.
- All Ruby analyzers (bundle install)
- ESLint (npm install)
- TSLint (npm install)
- CoffeeLint (npm install)
- stylelint (npm install)
Other tools do not use SSH so adding an SSH key for such tools are not needed.