
Sonatype Repository Firewall

Sonatype Repository Firewall is the first line of defense for controlling the open-source components allowed into your Software Development Lifecycle.

  • Prevent Malicious Components - from entering your software supply chain

  • Automatically Evaluate - every new component against your custom governance policies

  • Automatically Quarantine - components before they are available in your artifact repository

The Repository Firewall is powered by Sonatype's IQ Server. The integration connects to your artifact repository to enforce your open-source consumption policies.

See Licensing and Features to learn about our solutions.

Paths to Getting Started

Repository Firewall is also offered as 'software as a service' (SaaS) through our multi-tenant solution, Firewall Cloud. Firewall Cloud reduces time-to-value by skipping the work needed to provision hardware and the cost of managing a self-hosted IQ Server.

There are a few steps unique to Firewall Cloud, setting up the tenant and configuring the IdP (identity provider), which Firewall Cloud users need to complete before moving on to the rest of the configuration.

  • Self-Hosted: review Getting Started with Repository Firewall

  • Firewall Cloud (SaaS): start with Starting with Firewall Cloud

What's New

View the latest changes and updates in the Release Notes.

Download the latest version from Download and Compatibility.

Repository Firewall Product Information

Sonatype Repository Firewall requires an IQ Server and an artifact repository.

  • Recommended IQ Server 134 or later

    • Firewall Cloud is updated automatically

    • Nexus Repository Pro requires a minimum version 114

    • The JFrog Artifactory plugin requires a minimum version 119

  • Nexus Repository Pro 3.38.1+ (latest version is recommended)

    • The Repository Firewall solution is included in the Nexus Repository and IQ Server codebase

  • or JFrog Artifactory 7.2.6+

    • including the latest version of the Repository Firewall for JFrog Artifactory plugin

Comparing Repository Firewall features

Features | Classic (C) Firewall | Next-Gen Firewall (NG)
Products | Sonatype Nexus Repository 2 | Sonatype Nexus Repository 3 | JFrog Artifactory | Firewall SaaS
Policy Driven Quarantine for Proxy Repositories | (tick) | (tick) | (tick) | (tick)
Namespace Confusion Protection | (tick) | (tick) | (tick) | (tick)
Release Integrity (available for npm, Maven, & PyPI) | (tick) | (tick) | (tick)
Automatic Quarantine Release | (tick) | (tick) | (tick)
Policy Compliant Component Selection (PCCS) | (tick) | (tick) | (tick)
PCCS for npm | IQ 134, NX 3.44 | plugin 2.4.4, NX 3.44
PCCS for PyPI | IQ 167, NX 3.61 | plugin 2.4.8, NX 3.61