Protection from Pending and Suspicious Components


Brand-new releases of a software package can be high risk. A new release can contain an undiscovered security vulnerability, a new license, or code from a malicious actor. This feature is designed to protect your software supply chain from potentially dangerous new releases, including Unicode Trojans, typo-squatting, and more.

Firewall will flag components with unusual release behavior as suspicious or malicious, then quarantine these components until the Sonatype Research team has vetted them.

This feature is designed to be used along with Firewall's Automatic Quarantine Release.

This feature is currently available for npm & PyPI, which are most at risk.

The Integrity Rating Policy

A policy called Integrity-Rating is automatically created when a Next-Gen Firewall License is installed. This operation occurs only once, even if the license is installed again. The Integrity-Rating policy checks a component against a feature called Integrity Rating, which identifies whether a new release of the component is considered safe. This value can be normal, pending, suspicious, or not applicable. By default, the Integrity-Rating policy blocks components with a pending or suspicious Integrity Rating.

To disable protection from suspicious and malicious components, set the Integrity Rating policy to No Action.

If an Integrity-Rating policy already exists before the Firewall license is installed, the newly created policy name is suffixed with a number, such as Integrity-Rating-1.