Sider Documentation


Private Dependencies

Analyzing a private project sometimes requires access to other private libraries or packages hosted in private repositories. Your team might be using a Git repository to distribute such private libraries. Some package managers, such as Bundler and npm, support this kind of dependency.

We support accessing private repositories via SSH during an analysis session. The steps are as follows.

Generate SSH key pair

First, you need to generate an SSH key pair in your repository settings on Sider.

Visit Settings on your repository, and then click Keys.

When you click Generate Key, Sider automatically generates a 4096-bit RSA key pair that is used to resolve private dependencies.

NOTE: We strongly recommend against adding secret keys to public repositories. Their analysis results are publicly accessible, and your secret keys might get exposed.

Add SSH public key to GitHub

After generating a key pair, click Download Public Key to download the SSH public key.

Next, you need to add the downloaded public key to GitHub. You can add it in either of the following two ways:

  • as a deploy key
  • as an SSH key of a machine user
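Before adding the downloaded key to GitHub, you can confirm that it is the 4096-bit RSA key described above and note its SHA256 fingerprint (the form `ssh-keygen -lf` prints) to compare with the fingerprint listed for the key once it is added. This is an added example, not Sider's code; the function names are hypothetical and the sample key is a constructed placeholder, not a real key.

```javascript
const { createHash } = require("crypto");

// Read one length-prefixed field (uint32 big-endian length, then bytes) from the key blob.
function readField(buf, offset) {
  if (offset + 4 > buf.length) throw new Error("truncated key blob");
  const end = offset + 4 + buf.readUInt32BE(offset);
  if (end > buf.length) throw new Error("truncated key blob");
  return { data: buf.subarray(offset + 4, end), next: end };
}

// Parse an OpenSSH public key line ("ssh-rsa AAAA... comment").
function inspectPublicKey(line) {
  const [type, b64] = line.trim().split(/\s+/);
  if (!type || !b64) throw new Error("not an OpenSSH public key line");
  const blob = Buffer.from(b64, "base64");
  const alg = readField(blob, 0);
  if (alg.data.toString("ascii") !== type) throw new Error("key type mismatch");
  let bits = null;
  if (type === "ssh-rsa") {
    const e = readField(blob, alg.next);     // public exponent
    const n = readField(blob, e.next).data;  // modulus, stored as an mpint
    let i = 0;
    while (i < n.length && n[i] === 0) i++;  // skip sign-padding zero bytes
    bits = i === n.length ? 0 : (n.length - i - 1) * 8 + (32 - Math.clz32(n[i]));
  }
  // Unpadded base64 of SHA-256 over the decoded blob.
  const digest = createHash("sha256").update(blob).digest("base64");
  return { type, bits, fingerprint: "SHA256:" + digest.replace(/=+$/, "") };
}

// The key Sider generates is described on this page as 4096-bit RSA.
function isExpectedKey(info) {
  return info.type === "ssh-rsa" && info.bits === 4096;
}

// Constructed sample: a well-formed ssh-rsa blob with a placeholder modulus.
function sampleKeyLine(modulusBytes) {
  const len = (b) => { const l = Buffer.alloc(4); l.writeUInt32BE(b.length); return l; };
  const field = (b) => Buffer.concat([len(b), b]);
  const n = Buffer.concat([Buffer.from([0x00, 0xc1]), Buffer.alloc(modulusBytes - 1, 0x5b)]);
  const blob = Buffer.concat([field(Buffer.from("ssh-rsa")), field(Buffer.from([1, 0, 1])), field(n)]);
  return `ssh-rsa ${blob.toString("base64")} constructed-sample`;
}

console.log(inspectPublicKey(sampleKeyLine(512)));
```

To check a real key, pass the contents of the downloaded public key file to `inspectPublicKey` instead of the sample line.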

Deploy key

If you have just one private dependency, using a deploy key is simple.

Suppose that you have the following private npm package and private repository hosting it:

  • Package name: awesome
  • Repository URL: https://github.com/foo-company/awesome

Your package.json should look like this:

{
  "dependencies": {
    "awesome": "git+ssh://git@github.com:foo-company/awesome.git#v1.2.3"
  }
}

To install this package during an analysis session, you need to add the downloaded public key as a deploy key to the foo-company/awesome repository on GitHub. The steps are as follows:

  1. Visit https://github.com/foo-company/awesome
  2. Click Settings
  3. Click Deploy keys
  4. Click Add deploy key
  5. Enter the public key and save it

For details, check out the GitHub documentation.

When you add the deploy key and start a new analysis, installing the private package should succeed.

SSH key of machine user

If you have multiple private dependencies, a deploy key does not work, because the same deploy key cannot be added to multiple repositories on GitHub.

In such a case, you need to prepare a machine user account and attach the public key to the account. Note that the machine user must have read access to your private repositories.

Suppose that you have a machine user account named foobot and the following package.json:

{
  "dependencies": {
    "awesome": "git+ssh://git@github.com:foo-company/awesome.git#v1.2.3",
    "marvelous": "git+ssh://git@github.com:foo-company/marvelous.git#v0.9.0"
  }
}

To install these packages, foobot needs access to the foo-company/awesome and foo-company/marvelous repositories. Once you attach the public SSH key to foobot, foobot can access these repositories. The steps are as follows:

  1. Sign in to GitHub as the machine user
  2. Visit Settings of the machine user
  3. Click SSH and GPG keys
  4. Click New SSH key
  5. Enter the public key and save it
  6. Give the machine user access to the private repositories (read access at least)

For details, check out the following documentation on GitHub:

  • About adding a new SSH key
  • About managing access to a repository
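Which of the two methods applies depends on how many distinct private repositories your package.json pulls over SSH. The following added example (not part of Sider's code) makes that decision for a parsed package.json; the helper names are hypothetical, and it only recognizes github.com `git+ssh` specs, in the form shown on this page and in the slash-separated variant.

```javascript
// Matches git-over-SSH GitHub specs: the scp-like form used on this page
// (github.com:owner/repo) and the slash form (github.com/owner/repo).
const SSH_DEP = /^git\+ssh:\/\/git@github\.com[:\/]([^\/\s]+)\/([^#\s]+?)(?:\.git)?(?:#.+)?$/i;

// Map each distinct "owner/repo" to the package names installed from it.
function privateSshRepos(pkg) {
  const repos = new Map();
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const m = SSH_DEP.exec(String(spec));
      if (!m) continue; // registry versions and non-SSH URLs need no key
      const slug = `${m[1]}/${m[2]}`.toLowerCase();
      repos.set(slug, [...(repos.get(slug) || []), name]);
    }
  }
  return repos;
}

// One repository: a deploy key on it is enough. Several: the same deploy key
// cannot be reused, so the key goes on a machine user with read access to all.
function keyPlan(pkg) {
  const repos = [...privateSshRepos(pkg).keys()].sort();
  const method =
    repos.length === 0 ? "none" : repos.length === 1 ? "deploy-key" : "machine-user";
  return { method, repos };
}

// Sample input: the machine-user package.json from this page.
const SAMPLE_PKG = {
  dependencies: {
    awesome: "git+ssh://git@github.com:foo-company/awesome.git#v1.2.3",
    marvelous: "git+ssh://git@github.com:foo-company/marvelous.git#v0.9.0",
  },
};

console.log(keyPlan(SAMPLE_PKG));
```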

Supported package managers

We support the following package managers that can install packages from Git repositories:

  • Bundler (Ruby)
  • npm (JavaScript)

If you want to install private dependencies via Bundler, note that you need to configure your sider.yml. For example:

linter:
  rubocop:
    gems:
      - name: rubocop-foo-company
        git:
          repo: git@github.com:foo-company/rubocop-foo-company.git
          tag: v1.2.3

See the gems option for details.

Copyright © 2021 Sider, Inc.