Protection from Pending and Suspicious Components

NEXT-GEN FIREWALL

Prerequisites

Summary 

Brand-new releases of a software package can be high risk. The new release can contain an undiscovered security vulnerability, a new license, or malware. Nexus Firewall's Protection from Pending and Suspicious is designed to protect your software supply chain from potentially dangerous new releases - including Unicode Trojans, Typo-Squatting, and more. 

The Integrity Rating Policy

IQ version 140 made the following changes to the Integrity-Rating policy:

  • Integrity-Rating is not set to fail by default. This policy must be changed to fail at the proxy stage to enable protection from suspicious components. 
  • Integrity-Rating is not created when you add your Nexus Firewall License. If you are adding Nexus Firewall to an existing IQ Server you will need to manually create the Integrity-Rating Policy. 

Prior to IQ Server Version 140: 

  • The Integrity-Rating policy is set to fail by default and will trigger Nexus Firewall's Quarantine. This means Firewall will quarantine components that violate this policy. 


Your IQ Server should have a policy called Integrity-Rating. This policy looks at a component's Release Integrity Rating and creates policy violations for any component with a Pending or Suspicious value. The Release Integrity Rating is a status given to all new components to indicate if Sonatype found anything suspicious or unusual in this release. The Integrity Rating value can be Normal, Pending, Suspicious, or Not Applicable.  

Screenshot of Integrity Rating Policy

Release Integrity

When a new component or version is published, Sonatype‚Äôs AI and Machine Learning tools analyze the release and flag any component with a unusual release behavior. Releases that seem ordinary are assigned a release integrity of Normal while components flagged by our AI tools are sent to the Sonatype Research team for further review. During the review components are assigned a Suspicious Integrity Rating. Components with dangerous behavior are labeled Malicious and left in quarantine. Normal components have their Suspicious Integrity Rating changed to Normal.

This feature is designed to be used along with Firewall's Automatic Quarantine Release. Automatic Quarantine Release allows components assigned a normal integrity rating to be released without intervention by security teams. 

Disable Integrity Rating

Disabling this feature is not recommended. 

To disable protection from suspicious and malicious components, set the Integrity Rating policy to No Action.