Protection from Suspicious and Malicious Components


Brand-new releases of a software package can be high risk. The new release could contain an undiscovered security vulnerability, a new license, or code from a malicious actor. This feature is designed to protect your software supply chain from potentially dangerous newly released components, including Unicode Trojans, typo-squatting, and more.

Firewall will flag components with unusual release behavior as suspicious or malicious and quarantine these components until the Sonatype Research team has vetted them.

This feature is designed to be used along with Firewall's Automatic Quarantine Release.

This feature is currently available for npm & PyPI, which are most at risk.

The Integrity Rating Policy

A policy called Integrity-Rating is automatically created when a Next-Gen Firewall License is installed. This operation occurs only once, even if the license is installed again. The Integrity-Rating policy evaluates a component against a feature called Integrity Rating, which identifies whether a new release of the component is considered safe. This value can be normal, unknown, suspicious, or malicious. By default, the Integrity-Rating policy blocks components with an unknown, suspicious, or malicious Integrity Rating.

To disable protection from suspicious and malicious components, set the Integrity-Rating policy to No Action.

If an Integrity-Rating policy already exists before the Firewall license is installed, the new policy's name will be suffixed with a number, such as Integrity-Rating-1.