Sonatype Repository Firewall
Sonatype Repository Firewall is the first line of defense for controlling the open-source components allowed into your Software Development Lifecycle.
Prevent Malicious Components - from entering your software supply chain
Automatically Evaluate - every new component against your custom governance policies
Automatically Quarantine - components before they are available in your artifact repository
Repository Firewall is powered by Sonatype's IQ Server. The integration connects to your artifact repository to enforce your open-source consumption policies.
See Licensing and Features to learn about our solutions.
Paths to Getting Started
Repository Firewall is offered as 'software as a service' (SaaS) through our multi-tenant solution. Firewall Cloud reduces time-to-value by removing the work of provisioning hardware and the cost of managing a self-hosted IQ Server.
Firewall Cloud users need to complete a few unique steps, setting up the tenant and configuring the IdP (identity provider), before moving on to the rest of the configuration.
Self-Hosted | Firewall Cloud (SaaS) |
---|---|
Start with Starting with Firewall Cloud |
What's New
View the latest changes and updates in the Release Notes
Download the latest version from Download and Compatibility.
Repository Firewall Product Information
Sonatype Repository Firewall requires an IQ Server and an artifact repository
Recommended IQ Server 134 or later
Firewall Cloud is updated automatically
Nexus Repository Pro requires a minimum version 114
The JFrog Artifactory plugin requires a minimum version 119
Nexus Repository Pro 3.38.1+ (latest version is recommended)
The Repository Firewall solution is included in the Nexus Repository and IQ Server codebase
or JFrog Artifactory 7.2.6+
including the latest version of the Repository Firewall for JFrog Artifactory plugin
Comparing Repository Firewall features
Features | Classic (C) Firewall | Next-Gen Firewall (NG) | ||
---|---|---|---|---|
Products | Sonatype Nexus Repository 2 | Sonatype Nexus Repository 3 | JFrog Artifactory | Firewall SaaS |
Available for npm, Maven, & PyPI | ||||
PCCS for npm | IQ.134, NX-3.44 | plugin 2.4.4, NX-3.44 | ||
PCCS for PyPI | IQ.167, NX-3.61 | plugin 2.4.8, NX-3.61 |