Skip to main content

Getting Started with Repository Firewall

Repository Firewall is a set of features, powered by IQ Server, that integrate with your Nexus Repository Pro or through a plugin with JFrog Artifactory.

Configuring Repository Firewall involves the following steps:

  1. Installing IQ Server or your Firewall Cloud tenant (not needed for Lifecycle customers)

  2. Connect your artifact repository to the IQ Server instance

  3. Select your repositories to be protected by Repository Firewall

  4. Configure your governance policies to quarantine and protect you from new risk

Installing IQ Server

Follow these instructions for installing the IQ Server

Your Sonatype Repository Firewall license will need to be added to your installation of IQ Server for either the self-hosted or the Cloud (SaaS) configurations.

At this point, you may wish to review the default Firewall policies. Sonatype's reference policy set is recommended for most new customers however adjusting them before the initial audit will save some time later.

Connecting your artifact repository

Your Repository Firewall license supports either Nexus Repository Pro or JFrog Artifactory.

Nexus Repository Pro

The Firewall features are enabled in Nexus Repository Pro when you install your license.

See Nexus Repository 3 Pro Setup

JFrog Artifactory

For JFrog Artifactory you are required to install and manage the Repository Firewall for Artifactory plugin to enable the functionality.

See JFrog Artifactory Setup

Using the guided setup

We recommend using the Repository Firewall Guided Setup for the fastest deployment.

Manual installation requires each repository to be configured one at a time. The guided setup simplifies this by allowing you to select every repository to be onboarded from one view.

To manually configure Nexus Repository, review the Firewall Audit and Quarantine Capability

Review the repository audit

Once the Repository Firewall is enabled, it will begin to audit your configured repositories for open-source threats and generate a report for you to review your current risk.

Learn more about the Repository Results view.


Components currently in your artifact repository are not affected; there will be no disruption to your existing builds and deployments.