Protection from Pending and Suspicious Components



This feature is only available for maven, npm, and pypi.


New releases of a software package can be high risk. A new release can contain an undiscovered security vulnerability, a new license, or malware. Repository Firewall's protection from Pending and Suspicious components is designed to protect your software supply chain from potentially dangerous new releases - including unicode trojans, typosquatting, and more.

The Integrity Rating Policy

IQ version 140 made the following changes to the Integrity-Rating policy:

  • Integrity-Rating is not set to fail by default. This policy must be changed to fail at the proxy stage to enable protection from suspicious components. 
  • Integrity-Rating is not created when you add your Repository Firewall license. If you are adding Repository Firewall to an existing IQ Server you will need to manually create the Integrity-Rating Policy. 

Prior to IQ Server version 140: 

  • The Integrity-Rating policy is set to fail by default and will trigger Repository Firewall's Quarantine. This means Repository Firewall will quarantine components that violate this policy. 

Your IQ Server should have a policy called Integrity-Rating. This policy looks at a component's Release Integrity Rating and creates policy violations for any component with a Pending or Suspicious value. The Release Integrity Rating is a status given to all new components to indicate if Sonatype found anything suspicious or unusual in this release. The Integrity Rating value can be Normal, Pending, Suspicious, or Not Applicable.  

Screenshot of Integrity Rating Policy

Release Integrity

When a new component or version is published, Sonatype’s AI and Machine Learning tools analyze the release and flag any component with unusual release behavior. Releases that seem ordinary are assigned a release integrity of Normal, while components flagged by our AI tools are sent to the Sonatype Research team for further review. During the review, components are assigned a Suspicious Integrity Rating. Components with dangerous behavior are labeled Malicious and left in quarantine. Normal components have their Suspicious Integrity Rating changed to Normal.

This feature is designed to be used along with Repository Firewall's Automatic Quarantine Release to allow components re-assigned a normal integrity rating to be released without intervention by security teams. 
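The following is an added example, not Sonatype's code: a small model of how the Integrity-Rating policy described above decides whether a new release is quarantined (only when the policy fails at the proxy stage, which is why the IQ 140 default must be edited), and how Automatic Quarantine Release behaves once Sonatype Research re-rates the component. The names `Policy`, `evaluate` and `QuarantineStore` are this example's own, and the post-140 default action is assumed to be "none" since the page only says it is not "fail".

```python
# Added example (not Sonatype's code): models the Integrity-Rating policy flow.
from dataclasses import dataclass, field

# Release Integrity Rating values listed on the page.
RATINGS = {"Normal", "Pending", "Suspicious", "Not Applicable"}
# The Integrity-Rating policy creates a violation for these two values.
VIOLATING = {"Pending", "Suspicious"}


@dataclass
class Policy:
    name: str
    actions: dict = field(default_factory=dict)  # stage -> action

    def proxy_action(self) -> str:
        # Repository Firewall quarantine is driven by the proxy stage only.
        return self.actions.get("proxy", "none")


def evaluate(rating: str, policy: Policy) -> dict:
    """Return whether the component violates the policy and is quarantined."""
    if rating not in RATINGS:
        raise ValueError(f"unknown integrity rating: {rating}")
    violated = rating in VIOLATING
    # A violation only quarantines when the proxy-stage action is "fail".
    return {"violated": violated,
            "quarantined": violated and policy.proxy_action() == "fail"}


class QuarantineStore:
    """Holds quarantined components; releases them automatically on re-rating."""
    def __init__(self, policy: Policy):
        self.policy = policy
        self.held: dict[str, str] = {}  # component -> rating when quarantined

    def ingest(self, component: str, rating: str) -> bool:
        result = evaluate(rating, self.policy)
        if result["quarantined"]:
            self.held[component] = rating
        return result["quarantined"]

    def rerate(self, component: str, new_rating: str) -> str:
        """Apply the research verdict: Normal is released, Malicious stays held."""
        if component not in self.held:
            return "not-quarantined"
        if new_rating == "Normal":
            del self.held[component]
            return "released"
        self.held[component] = new_rating
        return "held"


# Pre-140 default: proxy stage set to fail, so Pending/Suspicious is quarantined.
PRE_140 = Policy("Integrity-Rating", {"proxy": "fail"})
# IQ 140 and later: not set to fail by default ("none" is assumed here).
POST_140_DEFAULT = Policy("Integrity-Rating", {"proxy": "none"})
```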

Disable Integrity Rating

Disabling this feature is not recommended. 

To disable protection from suspicious and malicious components, set the Integrity Rating policy to No Action.