This page walks through the steps to set up NXRM and a Docker container to test Conan Firewall using https://conan.bintray.com/

See the official docs at  https://help.sonatype.com/repomanager3/formats/conan-repositories

• Prerequisites
• Step 1. Create a new Proxy Repository in NXRM
• Step 2. Enable Firewall for the New Proxy Repo
• Step 3. Run Docker Image for the Dependency Manager
• Step 4. Set the environment to download packages from NXRM
• Step 5. Install a package
• Step 6. Browse NXRM to view it
• Step 7. View the Firewall Report
• Step 8. Test Quarantine
• Step 9. Notes

• IQ Server installed and running
• NXRM 3 installed and running and configured with the IQ Server
• Docker for Mac installed and running

Use https://conan.bintray.com/ as the Remote URL. Accept default values for the remainder of the settings.

docker run -it --rm conanio/gcc7

4a. List all the remotes

conan remote list

4b. Remove them all

conan remote remove conan-center

4c. Add NXRM

conan remote add conan-proxy http://host.docker.internal:8083/nexus/repository/conan.bintray.com-proxy/

5a. Create a conanfile.txt

[requires]
zlib/1.2.11@conan/stable

[generators]
cmake

5b. install

conan install .

Repo List

IQ Server Report

Poco depends on a vulnerable version of OpenSSL

OpenSSL 1.0.2o has CVE-2018-0737 with CVSS 5.9, so you'll need to have Quarantine enabled in the capability you created in step 2 and Proxy=Fail in your Security-Medium policy in IQ Server

conanfile.txt

[requires]
Poco/1.9.0@pocoproject/stable

[generators]
cmake

Console Output - If something gets quarantined, it bounces you to the Bintray Login

Repo List

IQ Server Report

You can reproduce the 403 - Quarantined error by clicking on the "Path" link: http://host.docker.internal:8000/nexus/repository/conan.bintray.com-proxy/conans/conan/OpenSSL/1.0.2o/stable/packages/b781af3f476d0aa5070a0a35b544db7a3c193cc8/conan_package.tgz