Getting Started with Hextrap
Hextrap protects your software supply chain by filtering and monitoring package installations. This guide will help you set up your first firewall and start protecting your projects.
Prerequisites
- A Hextrap account (free tier available)
- A project using pip, npm, or Go modules
- Access to your CI/CD configuration
Step 1: Create Your First Firewall
A firewall is a security boundary for your package installations. You might create one per project, per team, or per environment depending on your needs.
- Log in to your Hextrap dashboard
- Click "New Firewall" in the top right
- Enter a name (e.g., "Production API")
- Click "Create Firewall"
Step 2: Generate Credentials
Credentials allow your builds to authenticate with Hextrap. Each firewall can have its own credentials.
Click "Generate Credentials" to create a new username/password pair. Store these securely - the password is only shown once.
Step 3: Configure Your Package Manager
For pip (Python)
pip install --index-url https://USERNAME:PASSWORD@pypi.hextrap.com/simple/ requests
For npm (JavaScript)
registry=https://npm.hextrap.com/
//npm.hextrap.com/:_authToken=YOUR_TOKEN
For Go
GOPROXY=https://USERNAME:PASSWORD@go.hextrap.com,direct go get
Step 4: Test Your Setup
Try installing a package to verify everything is working:
pip install requests
Check your dashboard - you should see the installation attempt in your activity log.
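The commands in Step 3 place USERNAME:PASSWORD directly on the command line. The script below is an added example, not part of the Hextrap documentation: it builds the same pip and Go settings from CI secret variables, so that the plain `pip install requests` in Step 4 resolves through the firewall, and writes an .npmrc that references the token by name. The variable names HEXTRAP_USERNAME, HEXTRAP_PASSWORD and HEXTRAP_NPM_TOKEN and the function names are assumptions.

```shell
#!/bin/sh
# Added example: build Hextrap settings from CI secrets instead of typing
# USERNAME:PASSWORD on the command line (shell history, process list, logs).
# HEXTRAP_USERNAME, HEXTRAP_PASSWORD and HEXTRAP_NPM_TOKEN are assumed names.

# Percent-encode a value so characters like @ : / cannot break the URL.
urlencode() {
  printf '%s' "$1" | od -An -v -to1 | tr -s ' \n' '\n' | {
    LC_ALL=C
    while read -r oct; do
      [ -n "$oct" ] || continue
      c=$(printf "\\$oct")
      case "$c" in
        [A-Za-z0-9._~-]) printf '%s' "$c" ;;
        *) printf '%%%02X' "0$oct" ;;
      esac
    done
  }
}

# Print KEY=VALUE lines for pip and Go, using the hosts from Step 3.
hextrap_env() {
  if [ -z "$HEXTRAP_USERNAME" ] || [ -z "$HEXTRAP_PASSWORD" ]; then
    echo "HEXTRAP_USERNAME / HEXTRAP_PASSWORD not set" >&2
    return 1
  fi
  u=$(urlencode "$HEXTRAP_USERNAME")
  p=$(urlencode "$HEXTRAP_PASSWORD")
  printf 'PIP_INDEX_URL=https://%s:%s@pypi.hextrap.com/simple/\n' "$u" "$p"
  # With a comma, go falls back to "direct" only on a 404 or 410 response.
  printf 'GOPROXY=https://%s:%s@go.hextrap.com,direct\n' "$u" "$p"
}

# Write an .npmrc that references the token; npm expands ${VAR} when it
# reads the file, so the secret itself never lands on disk.
write_npmrc() {
  ( umask 077
    printf '%s\n' 'registry=https://npm.hextrap.com/' \
      '//npm.hextrap.com/:_authToken=${HEXTRAP_NPM_TOKEN}' > "$1" )
}

# Host a URL points at, for build logs, without echoing the credentials.
url_host() {
  printf '%s' "$1" | sed -E 's#^[a-z]+://([^@/]*@)?([^/,:]+).*#\2#'
}

# In a CI step:  export $(hextrap_env) && write_npmrc .npmrc
#                pip install requests   # now resolved via PIP_INDEX_URL
```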
Next Steps
- Configure allow lists to restrict packages
- Write custom policies with OPA Rego for advanced filtering
- Set up soak time to delay new releases
- Enable notifications for security events
- Integrate with CI/CD for automated protection