search

PyPI Integration

pip resolves packages using the configured index URL. Routing pip through the Lineaje Proxy requires setting PIP_INDEX_URL (or pip's --index-url flag) to the Proxy's PyPI endpoint.

Proxy PyPI URL

// Enforce Mode: block all non-compliant builds  
https://enforce.fortknox.v2.prod.veedna.com/artifactory/api/pypi/gos-all-proxy-python/simple 

// Observe Mode: Report all non-compliant dependency downloads  
https://observe.fortknox.v2.prod.veedna.com/artifactory/api/pypi/gos-all-proxy-python/simple
chevron-rightJenkinsfile Configuration Examplehashtag
pipeline { 
  agent any 
  environment { 
 ARTIFACTORY_CREDS = credentials(<ID>) 
    ARTIFACTORY_URL = 'https://enforce.fortknox.v2.prod.veedna.com' + 
                      '/artifactory/api/pypi/gos-all-proxy-python/simple' 
  } 
stages { 
        stage('Build') { 
            steps { 
                script { 
                    // Set up the pip index URL with authentication 
                    // We encode the URL to include the credentials safely in the environment 
                    def pipIndexUrl = "https://${ARTIFACTORY_CREDS_USR}:${ARTIFACTORY_CREDS_PSW}@${ARTIFACTORY_URL}" 
                    withEnv(["PIP_INDEX_URL=${pipIndexUrl}"]) { 
                         // Optional: Create a virtual environment 
                        sh 'python3 -m venv venv' 
     // Install dependencies 
     // PIP_INDEX_URL env var is automatically picked up by pip 
                        sh './venv/bin/python -m pip install -vvv --no-cache-dir --index-url "${PIP_INDEX_URL}" --trusted-host enforce.fortknox.v2.prod.veedna.com -r requirements.txt' 
                        // Run the script 
                        sh './venv/bin/python main.py' 
                    } 
                } 
            } 
        } 
    } 
}
chevron-rightpip.conf Alternative (for non-Jenkins environments)hashtag

If configuring pip outside of Jenkins (e.g., Docker image build, local developer machine, GitHub Actions), use pip.conf:

# ~/.config/pip/pip.conf  (Linux/macOS) 
# %APPDATA%\pip\pip.ini   (Windows) 
[global] 
index-url = https://<ARTIFACTORY_CREDS_USR>:< ARTIFACTORY_CREDS_PSW >@enforce.fortknox.v2.prod.veedna.com/artifactory/api/pypi/gos-all-proxy-python/simple 
trusted-host = enforce.fortknox.v2.prod.veedna.com

Alternatively, pass the URL directly on the command line:

pip install urllib3==2.0.5 \ 
  --index-url https://<USER>:<TOKEN>@enforce.fortknox.v2.prod.veedna.com/ 
              artifactory/api/pypi/gos-all-proxy-python/simple \ 
  -vvv
chevron-rightVerifying Proxy Routinghashtag

The -vvv (verbose) flag causes pip to log the full URL of each package fetched. Confirm the Proxy URL appears in the output:

# Expected in build log: 
  GET https://enforce.fortknox.v2.prod.veedna.com/artifactory/api/pypi/ 
      gos-all-proxy-python/packages/.../urllib3-2.0.5-py3-none-any.whl 
  200 OK

To detect policy violations, search build logs for the string. To learn more, see Detecting Policy Violations in Build Logs.

PreviousMaven IntegrationNextnpm Integration

Last updated