Integrate Firewall with Zscaler
Zscaler is a cloud-native cybersecurity platform that securely connects users, devices, and applications, regardless of their location. Think of it as a security checkpoint in the cloud that all your organization's traffic can pass through for inspection and protection.
Sonatype's Repository Firewall integrates with Zscaler to block actively verified malware components from being directly downloaded from public repositories. This integration protects your organization from shadow downloads.
See Shadow Downloads Best Practices
Requirements
Malware blocking is configured automatically once the Repository Firewall and Zscaler integration is set up. A few additional settings need to be set manually in Zscaler:
Enable SSL inspection on traffic
Set the URL filtering policy
Install Zscaler certificates on your developers' machines
Configuration
An administrator account is required to configure the Zscaler integration. The settings are found in the settings menu for Repository Firewall.

Credentials
Provide your Zscaler administrator account credentials.
Hostname
The hostname is the URL for your Zscaler deployment.
API Keys
Generating a Zscaler API key involves accessing the API Management section within the specific Zscaler Admin Portal you are using. The exact navigation path and some options might differ slightly depending on the Zscaler product. Consult the Zscaler Help Portal for the specific product you are using.
FAQ
The Zscaler integration supports automatic malware detection for the following formats:
maven, npm, PyPI
Repository Firewall creates custom user-defined URL categories by component format. These endpoints are updated once daily.