JuliaHub Blog: Insights & Updates

JuliaHub Policies and Private Registry Solutions

Written by Bill Burdick and Deep Datta | Nov 14, 2023

We recently published a blog post about private registries and package management on JuliaHub. We are following up on that post to announce additional capabilities now available on JuliaHub. Those include the official release of our Package Analytics feature as well as an upcoming new feature we call Package Policies.

Introduction

JuliaHub allows admins or organizations with enterprise subscriptions to create unlimited private registries to store private and proprietary Julia packages. This allows for total control and governance of all of your private Julia packages. Private registries work the same way as public registries when you use Pkg mode in Julia, except that private registries also have access controls associated with them, so only the users you authorize can use packages in your private registries.

Registry Sharing Explained

Admins can control access to a private registry so that only authorized users can download and/or register packages. This allows an organization to control exactly who can view, use, and contribute packages. An admin can choose to make a user the owner of the registry. After that, the admin/owner can “share” the registry, authorizing other users to download it and, optionally, to register packages in that private registry. Once a registry has an owner, Julia can’t download the registry from your JuliaHub server unless the person downloading it has been authenticated as one of the registry’s authorized users.

There’s no limit to how many private registries enterprise admins can make.

Private Registry Analytics

We have also just released our package analytics feature for enterprise accounts on JuliaHub. This feature can be found in the admin panel at the bottom left of the JuliaHub navigation menu. Org owners can also track more detailed information about package usage in the audit events dashboard, available via the admin panel. Admin users can easily view the following information for each private registry:

  • Total Packages (from registry)
  • Packages in Use
  • Downloads
  • Users using (packages in) this registry
  • Top 5 Packages Used 
  • Top 5 Most Active Users
  • Package Activity Trends Graph

We built this feature because many customers asked for a better understanding of how individuals and teams within their organization were using certain packages. They wanted to know the most used packages and which users (within their org) are downloading them, and better understand the overall usage of JuliaHub’s package capabilities. This data is also available for packages in the Julia General registry (if you have an enterprise admin account).

NEW! Introducing Package Policies

We are also introducing a new package policy feature initially targeted at keeping projects compliant with your organization’s coding needs. Admins can create new policies with rules that can block or allow packages (and versions) based on the (open source) license of that package, the version number (to handle exceptions), and (in the future) other arbitrary metadata. 

We created this feature because organizations need to be able to block certain packages and/or versions for legal, compliance, security, or internal compliance reasons and we want to help address that need. Package policies enhance both the package server and Julia instances because they change both whether the server will allow a package to be downloaded and how Julia itself resolves package versions.

The initial functionality we are launching this month simply focuses on licenses and individual package versions to address the most urgent needs. We do realize that there are other categories of policy information that organizations would like to use. Moving forward, we plan to add support for custom metadata so organizations can create their own categories for packages and versions. An example of these metadata rules looks like this:

[Image: Package Policies Rules example]

License Policy

The UI in JuliaHub will also have the ability to create these rules based on licenses. If your organization only wants a certain project in JuliaHub to use certain license types, you can do that. An example of what this will look like in the platform:

Summary

As you can see, JuliaHub’s robust registry management solutions allow governance of every package and version for your organization. Enterprise accounts can create as many registries as needed. (Many of these features will also soon be available with a Team subscription.) Our policies feature then allows or disallows packages to be used based on rules that effectively create “gated or vetted registries” that keep non-compliant packages out of your team’s projects. So if you have a team that has strict compliance needs, you can create a policy for packages and projects that the team uses.

What’s a full example of how these tools provide governance of packages in JuliaHub?

  1. First, the admin creates a private registry to store custom-made Julia packages
  2. The admin can make a user the owner of a private registry and give other team members access so they can download packages or register new ones
  3. Then if a user wants to use this registry’s packages in a project, they can import packages from it to that project
  4. A policy can be created and assigned to the project to block or allow access to certain packages based on rules in the policy
  5. Users can then spin up the Julia REPL in their org’s instance, and the package manager will look for packages in all registries, private and public, and use policies and auth rules to decide whether a package is available for use by that user
  6. All of these package events are tracked and available on the analytics screens (data is currently accessible to administrators only)

For more about JuliaHub, visit our Overview page, where you can find a button to Start for Free.