
Sonatype Repository Firewall

Sonatype Repository Firewall is the first line of defense for controlling the open-source components allowed into your Software Development Lifecycle.

  • Prevent Malicious Components - from entering your software supply chain

  • Automatically Evaluate - every new component against your custom governance policies

  • Automatically Quarantine - components before they are available in your artifact repository

Sonatype's IQ Server powers the Repository Firewall. The integration connects to your artifact repository to oversee the enforcement of your open-source consumption policies.

See License and Features to learn about our solutions.

Paths to Getting Started

The Repository Firewall license is available as a fully managed Cloud solution or a self-hosted deployment where you manage the service.

  • Firewall Cloud

    Firewall Cloud reduces time-to-value by skipping the time needed to provision hardware and the cost of managing a self-hosted service. A single setup step, configuring your tenant and IdP (identity provider), is all that is needed before you start protecting your infrastructure.

    Getting started with Sonatype Cloud

  • Self-Hosted

    The Self-Hosted solution deploys however you want: as a single node or as a multi-regional, highly available service, without restrictions. It is built on the same platform as Lifecycle and SBOM Manager, so it scales with your organizational requirements.

    Getting Started with Repository Firewall

What's New

View the latest changes and updates in the Release Notes.

Download the latest version from Download and Compatibility.

Repository Firewall Product Information

Sonatype Repository Firewall requires an IQ Server and an artifact repository. Next-Gen Firewall is compatible with Sonatype Nexus Repository 3 Pro and JFrog Artifactory.

  • IQ Server 134 or later is recommended

    • Firewall Cloud is updated automatically

    • Nexus Repository Pro requires IQ Server 114 or later

    • The JFrog Artifactory plugin requires IQ Server 119 or later

  • Nexus Repository Pro 3.38.1 or later (the latest version is recommended)

    • The Repository Firewall integration is built into the Nexus Repository and IQ Server codebase

  • or JFrog Artifactory 7.2.6 or later

    • with the latest version of the Repository Firewall for JFrog Artifactory plugin

Next-Gen Firewall Features

Repository Firewall prevents modern software supply chain attacks and improves developer experience. Classic Firewall has entered extended maintenance and will be sunsetted in the coming months. Customers should speak with their account team to upgrade to Next-Gen Firewall.

Licenses issued after June 1, 2021 cover the Next-Gen Repository Firewall; older licenses must be renewed to upgrade to the new version. When the Firewall menu option appears in the left navigation sidebar of the IQ Server UI, you are licensed for the Next-Gen Repository Firewall.

Minimum IQ Server, Nexus Repository (NX) and Artifactory plugin versions are given where a feature requires a specific release.

Feature                                  Classic (C)   Next-Gen Firewall (Self-Hosted and Sonatype Cloud)
                                         Firewall      Nexus Repository 2   Nexus Repository 3   JFrog Artifactory
Firewall Quarantine
Namespace Confusion Protection
Release Integrity (npm, Maven, & PyPI)
Automatic Quarantine Release
Policy Compliant Component Selection
  PCCS for npm                                                              IQ 134, NX-3.44      plugin 2.4.4, NX-3.44
  PCCS for PyPI                                                             IQ 167, NX-3.61      plugin 2.4.8, NX-3.61
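As an added example (not Sonatype's code or documentation) of turning the compatibility requirements under Repository Firewall Product Information and the feature table above into a runnable pre-flight check, the Python below encodes the stated minimums and reports whether a given IQ Server and repository manager pair is supported and which PCCS ecosystems it unlocks. The Deployment and Report classes, the version-string format it accepts, and the assumption that the IQ Server minimum in the feature table applies to the Artifactory plugin path as well are this example's own.

```python
"""Compatibility pre-flight for a Next-Gen Repository Firewall deployment.

Added example, not Sonatype code. It encodes the minimum versions stated on
this page and reports whether an IQ Server plus repository manager pair
meets them and which PCCS ecosystems that pair unlocks.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Minimums as stated on this page. The NX-3.44 / NX-3.61 figures listed next
# to the Artifactory plugin versions are reproduced as the page gives them.
IQ_RECOMMENDED: Version = (134,)
IQ_MIN_FOR_NXRM: Version = (114,)
IQ_MIN_FOR_ARTIFACTORY_PLUGIN: Version = (119,)
NXRM_MIN: Version = (3, 38, 1)
ARTIFACTORY_MIN: Version = (7, 2, 6)
PCCS_MINIMUMS: Dict[str, Dict[str, Version]] = {
    "npm":  {"iq": (134,), "nxrm": (3, 44), "plugin": (2, 4, 4)},
    "pypi": {"iq": (167,), "nxrm": (3, 61), "plugin": (2, 4, 8)},
}


def parse_version(text: str) -> Version:
    """Parse '3.44.1-01' or '134' into an int tuple.

    Assumption: dotted numeric versions with an optional '-NN' build suffix.
    Anything non-numeric is rejected rather than silently compared as zero.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def at_least(have: Version, need: Version) -> bool:
    """Compare with zero-padding so that (3, 44) equals (3, 44, 0)."""
    width = max(len(have), len(need))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(have) >= pad(need)


@dataclass
class Deployment:
    iq_version: str
    nxrm_version: Optional[str] = None            # Nexus Repository 3 Pro
    artifactory_version: Optional[str] = None
    artifactory_plugin_version: Optional[str] = None


@dataclass
class Report:
    supported: bool
    problems: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)
    pccs_ecosystems: List[str] = field(default_factory=list)


def check_deployment(dep: Deployment) -> Report:
    """Apply the page's minimums and derive the available PCCS ecosystems."""
    report = Report(supported=True)
    iq = parse_version(dep.iq_version)
    if not at_least(iq, IQ_RECOMMENDED):
        report.warnings.append(f"IQ Server {dep.iq_version} is below the recommended 134")

    if dep.nxrm_version is None and dep.artifactory_version is None:
        report.problems.append("no artifact repository given")

    if dep.nxrm_version is not None:
        nxrm = parse_version(dep.nxrm_version)
        if not at_least(iq, IQ_MIN_FOR_NXRM):
            report.problems.append("Nexus Repository Pro needs IQ Server 114 or later")
        if not at_least(nxrm, NXRM_MIN):
            report.problems.append("Nexus Repository Pro 3.38.1 or later required")
        for eco, need in PCCS_MINIMUMS.items():
            if at_least(iq, need["iq"]) and at_least(nxrm, need["nxrm"]):
                report.pccs_ecosystems.append(eco)

    if dep.artifactory_version is not None:
        art = parse_version(dep.artifactory_version)
        if not at_least(iq, IQ_MIN_FOR_ARTIFACTORY_PLUGIN):
            report.problems.append("JFrog Artifactory plugin needs IQ Server 119 or later")
        if not at_least(art, ARTIFACTORY_MIN):
            report.problems.append("JFrog Artifactory 7.2.6 or later required")
        if dep.artifactory_plugin_version is None:
            report.problems.append("Repository Firewall for JFrog Artifactory plugin version not given")
        else:
            plugin = parse_version(dep.artifactory_plugin_version)
            for eco, need in PCCS_MINIMUMS.items():
                if at_least(iq, need["iq"]) and at_least(plugin, need["plugin"]):
                    report.pccs_ecosystems.append(eco)

    report.supported = not report.problems
    # de-duplicate while preserving order when both repositories are present
    report.pccs_ecosystems = list(dict.fromkeys(report.pccs_ecosystems))
    return report


if __name__ == "__main__":
    # Constructed sample deployments, not real installations.
    for dep in (Deployment("170", nxrm_version="3.61.0-02"),
                Deployment("130", nxrm_version="3.38.1"),
                Deployment("134", nxrm_version="3.37.0")):
        r = check_deployment(dep)
        print(dep, "->", "OK" if r.supported else "NOT SUPPORTED",
              r.problems, r.warnings, r.pccs_ecosystems)
```

Run it before an upgrade window: a deployment that passes the base minimums but lists no PCCS ecosystems is supported, yet will still quarantine rather than substitute a compliant version, which is usually the behaviour people are surprised by.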

Package Support for Repository Firewall

The following ecosystems are examples of package repositories supported by the Repository Firewall. This is not a comprehensive list of sources for Sonatype Component Intelligence.

Package Manager         Public Repository
Go Modules
R Language
Yum / RPM (EPEL)