Sonatype Repository Firewall
Sonatype Repository Firewall is the first line of defense for controlling the open-source components allowed into your Software Development Lifecycle.
- Prevent malicious components from entering your software supply chain
- Automatically evaluate every new component against your custom governance policies
- Automatically quarantine components before they are available in your artifact repository
Sonatype's IQ Server powers the Repository Firewall. The integration connects to your artifact repository to oversee the enforcement of your open-source consumption policies.
View the latest release in the IQ Server Release Notes
Paths to Getting Started
The Repository Firewall license is available as a fully managed Cloud solution or a self-hosted deployment where you manage the service.
Firewall Cloud
Firewall Cloud reduces time-to-value by skipping the time needed to provision hardware and the cost of managing a self-hosted service. Only one quick step is needed before you start protecting your infrastructure: set up your tenant and IdP (identity provider).
Getting started with Sonatype Cloud
Self-Hosted
The Self-Hosted solution deploys the way you want, as a single node or as a multi-regional, highly available service, without restrictions. It is built on the same platform as Lifecycle and SBOM Manager and scales with your organizational requirements.
Getting started with Repository Firewall
Repository Firewall Product Information
Sonatype Repository Firewall requires an IQ Server and an artifact repository. Firewall is compatible with Sonatype Nexus Repository 3 Pro and JFrog Artifactory.
- IQ Server 134 or later is recommended. Firewall Cloud is updated automatically.
  - Nexus Repository Pro requires IQ Server 114 or later.
  - The JFrog Artifactory plugin requires IQ Server 119 or later.
- Nexus Repository Pro 3.38.1+ (the latest version is recommended). The Repository Firewall solution is included in the Nexus Repository and IQ Server codebase.
- JFrog Artifactory 7.2.6+, together with the latest version of the Repository Firewall plugin for JFrog Artifactory. JFrog Artifactory SaaS is not supported.
Repository Firewall Features
Features | Sonatype Nexus Repository 3 | JFrog Artifactory |
---|---|---|
Available for npm, Maven, and PyPI | | |
PCCS for npm | IQ 134, NXRM 3.44 | plugin 2.4.4 |
PCCS for PyPI | IQ 167, NXRM 3.61 | |
Package Support for Repository Firewall
The following ecosystems and proxy URLs are examples of package repositories supported by the Repository Firewall. This is not a comprehensive list of the sources covered by Sonatype Component Intelligence.
Package Manager | Public Repository |
---|---|
CocoaPods | https://cdn.cocoapods.org |
Composer | https://packagist.org |
Conan | https://center.conan.io |
Conda | https://repo.anaconda.com/pkgs |
Go Modules | https://index.golang.org (detection of pre-release versions is not supported) |
Maven | https://repo.maven.apache.org/maven2, https://maven.google.com, https://maven.repository.redhat.com/ga/ |
npm | https://registry.npmjs.org |
NuGet | https://nuget.org |
PyPI | https://pypi.org |
RubyGems | https://rubygems.org |
Rust/Cargo | https://index.crates.io |
R Language | https://cran.r-project.org |
Yum/rpm (EPEL) | https://dl.fedoraproject.org |
Sonatype Repository Firewall does not support Docker images
The Sonatype Repository Firewall cannot block images from being downloaded through proxy repositories such as Docker Hub, or through any other container-format repository. Use the Sonatype Lifecycle solution to analyze images for open-source packages, or the Sonatype Container solution to enforce your policy in production environments.
See Sonatype Lifecycle Docker Image Analysis and Sonatype Container Security for details.