Quarantined Component View

NEW IN RELEASE 136

NEXT-GEN FIREWALL

Next-Gen Firewall allows users to view a temporary report for quarantined components. This report provides detailed information about the quarantined component and offers potential remediation solutions.

The report is available for 12 hours after the component is requested. 

We recommend you disable anonymous access if your IQ Server is accessible to users outside your organization.
See Disabling Anonymous Access at the bottom of this page. Consult with your legal and security teams to determine if you should disable this feature for your organization.

Prerequisites

  • Nexus Repository v3.38.1+

Accessing a Report

Nexus Firewall creates the Quarantined Component Report when a user requests a quarantined component. A link to the report will be available through the user's CLI.

CLI showing report link

Reviewing the Quarantined Component Report

The quarantined component report provides detailed information about the requested component including its policy violations and remediation strategies. It includes the following sections:

Overview - This section indicates that the requested component has been quarantined.
Component Overview - The title of the section is the component name. The rest of the section provides information on the component's current status, including the First Quarantined Date and Other Versions In the Repository.


Risk Remediation - This tab provides information to remediate the violations causing quarantine. The Recommended Versions section suggests versions without the failing policy violations. Versions with no build violations and versions without build violations for direct dependencies are both suggested as possible alternatives. This section also includes a Version Explorer which allows you to compare versions visually. 

The Risk Remediation section of the report


Policy Violations Causing Quarantine - This section lists the failing violations. When upgrading the component is not an option, you will need to receive a waiver for all policies listed to use the component.
Other Versions - This section lists other versions already present in your repository. These versions are not quarantined and can be downloaded without issue. Substituting the requested version with a version listed in this section is a potential alternative to a waiver request.


Disabling Anonymous Access

Anonymous access to the Quarantined Component View can be disabled using the Firewall REST API.

Firewall REST API - v2
To enable or disable anonymous access for the Quarantined Component View, you can issue a PUT request to the following path:
PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

Here is an example cURL command to run this request.

curl -u admin:admin123 -X PUT http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

By default, anonymous access for the Quarantined Component View is enabled.
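
The same request as a reusable shell function, added here as an example and not taken from Sonatype's documentation: it keeps the password off the command line, refuses plain HTTP to non-loopback hosts, and checks the HTTP status. The function names and the IQ_USER / IQ_PASSWORD environment variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Sonatype's code. Function names and the IQ_USER /
# IQ_PASSWORD environment variables are assumptions made for this sketch.
# Usage after sourcing: set_qcv_anonymous_access http://localhost:8070 false

QCV_PATH="/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess"

# Print the endpoint URL for the requested state, or fail on unsafe input.
qcv_endpoint() {
  local base="${1%/}" state="$2"
  case "$state" in
    true|false) ;;
    *) echo "state must be 'true' or 'false'" >&2; return 2 ;;
  esac
  case "$base" in
    # Reject user-info in the URL; credentials come from the environment.
    *@*) echo "base URL must not contain '@'" >&2; return 3 ;;
    # Basic auth over plain HTTP exposes the password, so allow it
    # only for loopback addresses such as the page's localhost example.
    https://*|http://localhost|http://localhost:*|http://127.0.0.1|http://127.0.0.1:*) ;;
    *) echo "refusing to send credentials over plain HTTP to $base" >&2; return 3 ;;
  esac
  printf '%s%s/%s\n' "$base" "$QCV_PATH" "$state"
}

# Send the PUT and succeed only on a 2xx response.
set_qcv_anonymous_access() {
  local url status
  url="$(qcv_endpoint "$1" "$2")" || return $?
  if [ -z "${IQ_USER:-}" ] || [ -z "${IQ_PASSWORD:-}" ]; then
    echo "set IQ_USER and IQ_PASSWORD first" >&2; return 4
  fi
  # Pass credentials as curl config on stdin so they stay out of the process
  # list and shell history. Values containing '"' or '\' would need escaping.
  status="$(printf 'user = "%s:%s"\n' "$IQ_USER" "$IQ_PASSWORD" |
    curl --silent --show-error --output /dev/null --write-out '%{http_code}' \
         --config - --request PUT "$url")" || return 1
  case "$status" in
    2??) echo "anonymous access set to $2 (HTTP $status)" ;;
    *)   echo "request failed: HTTP $status" >&2; return 1 ;;
  esac
}
```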