Protection from Pending and Suspicious Components

NEXT-GEN FIREWALL

Prerequisites

Summary 

Brand-new releases of a software package can be high risk. The new release can contain an undiscovered security vulnerability, a new license, or malware. Nexus Firewall's Protection from Pending and Suspicious is designed to protect your software supply chain from potentially dangerous new releases - including Unicode Trojans, Typo-Squatting, and more. 

The Integrity Rating Policy

Your IQ Server should have a policy called Integrity-Rating. This policy looks at a component's Release Integrity Score and creates policy violations for any component with a Pending or Suspicious value. The Integrity Rating value can be Normal, Pending, Suspicious, and Not Applicable.

Screenshot of Integrity Rating Policy

By default, the Integrity Rating Policy is set to Fail. This means Firewall will quarantine components that violate this policy. 

Release Integrity

When a new component or version is published, Sonatype‚Äôs AI and Machine Learning tools analyze the release and flag any component with a unusual release behavior. Releases that seem ordinary are assigned a release integrity of Normal while components flagged by our AI tools are sent to the Sonatype Research team for further review. During the review components are assigned a Suspicious Integrity Rating. Components with dangerous behavior are labeled Malicious and left in quarantine. Normal components have their Suspicious Integrity Rating changed to Normal.

This feature is designed to be used along with Firewall's Automatic Quarantine Release. Automatic Quarantine Release allows components assigned a normal integrity rating to be released without intervention by security teams. 

Disable Integrity Rating

Disabling this feature is not recommended. 

To disable protection from suspicious and malicious components, set the Integrity Rating policy to No Action.