Prevent non-compliant dependencies from being proxied with dependency proxy
Problem to solve
Sometimes projects try to use dependencies that are insecure, not properly licensed, etc. via dependency proxy.
Proposal
Dependency proxy should prevent those non-compliant dependencies from being used.
Some configuration options should be given at various levels (project, group, instance) as to what is and isn't allowed. Currently dependency proxy only supports Docker Hub; however, in the future it may support other dependencies, so, for example, an instance admin (e.g. whole company) could block dependencies that do not meet specific license and security requirements. This would be particularly helpful if, for example, only certain versions of a dependency were determined to be insecure.