Repository Management
Navigating Firewall
The Repository Firewall solution integrates your artifact repository with Sonatype's policy engine managed in the self-hosted IQ Server or a Firewall Cloud tenant.
The Repository Firewall configuration is accessed through the Repository Managers hierarchy on the Orgs and Policies. From here, Administrators manage policies, control access, and other configuration for Repository Firewall.
We use the following terms as they may refer to more than one thing:
repository manager - refers to the artifact repository that is connected to the IQ Server (eg. Nexus Repository, JFrog Artifactory)
repository - refer to the individual repository configured in a repository manager (eg. maven-central, npm hosted, etc.)
proxy/remote - refers to a repository where components are downloaded from public repositories
hosted - refers to a repository where components are stored on the repository manager
Repository Managers overview
The top-level list of the repository managers configured with Repository Firewall. Repository Managers are added with a unique identifier when they connect to the Firewall service.
See the Repository Firewall Guided Setup for details on connecting a repository manager.
From this view, repository managers are administered at a high level.
Set Firewall policies, results access control, and quarantine for proxy repositories
Configure namespace protection for hosted repositories
Navigate to the overview
Select
Orgs and Policiesfrom the left navigationSelect
Repository Managersfrom the organization navigator
Configuration
List of the connected repository managers with their repositories in a nested table. The filters are used to limit the list displayed. Selecting a proxy repository will open the Repository Results view for that proxy.
Repositories are removed using the trashcan icon. This action does not delete the repository from the repository manager.
Policy
Policies are inherited from the root organization. Policy actions may be overridden for repository managers for policies enabled at the root organization.
Firewall policies may be added for all repository managers at this level. These policies would not be scoped to organizations or applications.
Namespace Confusion Protection
List of namespaces protected for all repositories. See Namespace Confusion Protection
Access
Access control for who may view repository results and manage the Firewall configuration.
Single repository manager view
Access the Firewall details for a single repository manager from the left-hand menu. This view lets you manage the configuring for a specific repository manager.
When the complete listing of repository managers is not displayed, selecting the
Repository Managerstitle will drop down the complete listing of repository managers.Selecting a single repository manager in the list will navigate to this repository manager's view.
Edit the repository manager label
The unique identifier for any repository manager may be modified with a human-recognizable name for easier identification. We recommend using a name common to users in your organization.
Select the pencil icon on the right of the repository instance to
Editthe name.Edit the
Repository Manager Nameto a meaningful identifierSelect
Updateto save
Single repository manager sections
The single repository manager view has the same sections as the overview page, however they are scoped to the single repository. This provides for granular access control of individual repository manager's configuration as well as allows for policies to be scoped to the single repository manager.
Configuration - Filter by repository name or format; remove a repository from configuration.
Policies - Set policies scoped to this specific repository manager; override actions and notifications on inherited policies.
Namespace Confusion Protection - configure namespaces used in this repository manager.
Access - allow access to repository results and configuration for this repository manager.
Single repository manager actions
The single repository manager view provides the actions menu for only this repository manager.
The unique repository manager ID can be used to identify the instance in log files in IQ Server or in Nexus Repository even after the repository manager name has been set to a human-readable name. | |
Opens the Edit repository manager name dialog as shown above. | |
Used to remove the repository manager from the IQ Server configuration. |
Proxy repository configuration page
Use this summary page for proxy repository configuration to manage access to individual proxy reports and to apply policies to specific repositories. Similar to the rest of the hierarchy, access control and policy are inherent from; the Root Organization, the Repository Managers container, as well as the configuration set on the specific repository manager where the proxy is configured.
Follow the best practice to enable or override enforcement of policies managed at the root organization or the Repository Managers container. Enable enforcement that does not apply to all proxy repositories.
Set policies on a specific proxy repository that are an exception to the rest of the organization's governance policy
Use the access controls on the specific repository for fine-tuned access to a single proxy
Set violation notifications unique to this repository such as from a testing environment
Hosted repository configuration page
Use the hosted repository configuration page to configure access to the repository firewall configuration including selecting the namespaces found within the repository. The hosted repository is analyzed for the namespaces used by the components within it. Namespace protection can be enabled and disabled using a toggle.