Skip to main content

Sonatype Repository Firewall

Sonatype Repository Firewall is the first line of defense for controlling the open-source components allowed into your Software Development Lifecycle.

  • Prevent Malicious Components - from entering your software supply chain

  • Automatically Evaluate - every new component against your custom governance policies

  • Automatically Quarantine - components before they are available in your artifact repository

The Repository Firewall is powered by the Sonatype's IQ Server. The integration connects to your artifact repository to oversee the enforcement of your open-source consumption policies.

See Licensing and Features to learn about our solutions.

Paths to Getting Started

Repository Firewall is offered as a 'software as a service' (SaaS) through our multi-tenant solution. Firewall Cloud reduces time-to-value by skipping the work needed to provision hardware and the costs of managing the self-hosted IQ Server.

There are a few unique steps in setting up the tenant and configuring the IdP (identify provider) which Firewall Cloud users will need to do before jumping into the rest of the configuration.


Firewall Cloud (SaaS)

Review Getting Started with Repository Firewall

Start with Starting with Firewall Cloud

What's New

View the latest changes and updates in the Release Notes

Download the latest version from Download and Compatibility.

Repository Firewall Product Information

Sonatype Repository Firewall requires an IQ Server and an artifact repository

  • Recommended IQ Server 134 or later

    • Firewall Cloud is updated automatically

    • Nexus Repository Pro requires a minimum version 114

    • The JFrog Artifactory plugin requires a minimum version 119

  • Nexus Repository Pro 3.38.1+ (latest version is recommended)

    • Repository Firewall is included in the Nexus Repository codebase

  • or JFrogArtifactory 7.2.6+

    • including the latest version of the Repository Firewall for JFrog Artifactory plugin

Comparing Repository Firewall features


Classic (C) Firewall

Next-Gen Firewall (NG)


Sonatype Nexus Repository 2

Sonatype Nexus Repository 3

JFrog Artifactory

Firewall SaaS

Policy Driven Quarantine for Proxy Repositories


Namespace Confusion Protection


Release Integrity

Available for npm, Maven, & PyPI


Automatic Quarantine Release


Policy Compliant Component Selection


PCCS for npm

IQ.134, NX-3.44

plugin 2.4.4, NX-3.44

PCCS for PyPi

IQ.167, NX-3.61

plugin 2.4.8, NX-3.61