Sonatype Repository Firewall
Sonatype Repository Firewall is the first line of defense for controlling the open-source components allowed into your Software Development Lifecycle.
- Prevent Malicious Components from entering your software supply chain
- Automatically Evaluate every new component against your custom governance policies
- Automatically Quarantine components before they are available in your artifact repository
Sonatype's IQ Server powers the Repository Firewall. The integration connects to your artifact repository to oversee the enforcement of your open-source consumption policies.
See License and Features to learn about our solutions.
Paths to Getting Started
The Repository Firewall license is available as a fully managed Cloud solution or a self-hosted deployment where you manage the service.
Firewall Cloud
Firewall Cloud reduces time-to-value by skipping the time needed to provision hardware and the costs of managing the self-hosted service. Only one quick step, setting up your tenant and IdP (identity provider), is needed before you start protecting your infrastructure.
Getting started with Sonatype Cloud
Self-Hosted
The Self-Hosted solution deploys as you want: as a single-node service or as a multi-region, highly available service, without restrictions. It is built on the same platform as Lifecycle and SBOM Manager to scale with your organizational requirements.
What's New
View the latest changes and updates in the Release Notes.
Download the latest version from Download and Compatibility.
Repository Firewall Product Information
Sonatype Repository Firewall requires an IQ Server and an artifact repository. Next-Gen Firewall is compatible with Sonatype Nexus Repository 3 Pro and JFrog Artifactory.
- Recommended IQ Server 134 or later
  - Firewall Cloud is updated automatically
  - Nexus Repository Pro requires a minimum IQ Server version of 114
  - The JFrog Artifactory plugin requires a minimum IQ Server version of 119
- Nexus Repository Pro 3.38.1+ (latest version is recommended)
  - The Repository Firewall solution is included in the Nexus Repository and IQ Server codebase
- JFrog Artifactory 7.2.6+
  - including the latest version of the Repository Firewall plugin for JFrog Artifactory
  - JFrog Artifactory SaaS is not supported
Next-Gen Firewall Features
Repository Firewall prevents modern software supply chain attacks and improves developer experience. Classic Firewall has entered extended maintenance and will be sunsetted in the coming months. Customers should speak with their account team to upgrade to Next-Gen Firewall.
Licenses issued after June 1, 2021, apply to the Next-Gen Repository Firewall. Renewals are required to upgrade to the new version. The left navigation sidebar of the UI has the Firewall menu option, indicating that you are licensed for the Next-Gen Repository Firewall.
Features | Classic (C) Firewall: Sonatype Nexus Repository 2 | Self-Hosted and Sonatype Cloud: Sonatype Nexus Repository 3 | Self-Hosted and Sonatype Cloud: JFrog Artifactory
---|---|---|---
Available for npm, Maven, & PyPI | | |
PCCS for npm | | IQ.134, NX-3.44 | plugin 2.4.4
PCCS for PyPI | | IQ.167, NX-3.61 |
Package Support for Repository Firewall
The following ecosystems and URLs are examples of supported package repositories for the Repository Firewall. This is not a comprehensive list of sources for Sonatype Component Intelligence.
Package Manager | Public Repository |
---|---|
CocoaPods | https://cdn.cocoapods.org |
Conan | https://center.conan.io |
Conda | https://repo.anaconda.com/pkgs |
Go Modules | https://index.golang.org (detection of pre-release versions is not supported) |
Maven | https://repo.maven.apache.org/maven2, https://maven.google.com, https://maven.repository.redhat.com/ga/ |
npm | https://registry.npmjs.org |
NuGet | https://nuget.org |
PyPI | https://pypi.org |
RubyGems | https://rubygems.org |
Rust/Cargo | https://index.crates.io |
R Language | https://cran.r-project.org |
Yum / RPM (EPEL) | https://dl.fedoraproject.org |
Sonatype Repository Firewall does not support Docker images
The Sonatype Repository Firewall does not support blocking images downloaded through proxy repositories such as Docker Hub, or through any container-format repository. Use the Sonatype Lifecycle solution to analyze images for open-source packages, or the Sonatype Container solution to enforce your policy in production environments.
See the Sonatype Lifecycle Docker Image analysis or Sonatype Container Security for details.