Repository Firewall Getting Started
Sonatype Repository Firewall is powered by IQ Server. It integrates with Nexus Repository, or with JFrog Artifactory through a plugin.
Configure the Repository Firewall with the following steps:
1. Install the IQ Server and add the Repository Firewall license.
   Note: Sonatype Cloud tenants need not perform this step.
2. Configure your artifact repository to connect to the IQ Server instance.
3. Configure the Nexus repositories that need to be protected, as described in Repository Firewall Capability.
4. Configure your policies to quarantine new violating components and protect against introducing risk.
5. Notify your development teams about the change.
Connect to an Artifact Repository
The Sonatype Repository Firewall license supports either Nexus Repository Pro or JFrog Artifactory.
Nexus Repository Pro
Install your Repository Firewall license to enable Firewall features in Nexus Repository Pro.
JFrog Artifactory
Install and manage the Repository Firewall for Artifactory plugin to enable Firewall features. Artifactory SaaS is not supported.
Review the Repository Audit
After you enable Repository Firewall, it audits your repositories for open-source threats and generates a risk report.
Existing components in your artifact repository aren’t quarantined. Your builds and deployments are not disrupted.
To explore findings, see Repository Results View.