Quarantined Component View

Repository Firewall allows users to view a temporary report for quarantined components. The report provides detailed information about the quarantined component and offers potential remediation solutions. It is available for 12 hours from the time the component is first requested.

Prerequisites

  • Repository Firewall license

  • Nexus Repository Pro version 3.38.1 or greater

  • IQ Server version 161 or greater

  • Configure Nexus Repository 3 Pro with IQ Server

  • Quarantine enabled on the proxy repository

Accessing a Report

Repository Firewall creates the Quarantined Component Report when a user requests a quarantined component. The link to the report is available to the user through their CLI.

CLI showing report link

Reviewing the Quarantined Component Report

The quarantined component report provides detailed information about the requested component including its policy violations and remediation strategies. It includes the following sections:

Overview - This section indicates that the requested component has been quarantined.

Component Overview - The title of the section is the component name. The rest of the section provides information on the component's current status, including the First Quarantined Date and Other Versions In the Repository.

Risk Remediation - This tab provides information to remediate the violations causing quarantine. The Recommended Versions section suggests versions without failing policy violations. Versions with no build violations and versions without build violations for direct dependencies are both suggested as possible alternatives. This section also includes a Version Explorer which allows you to compare versions visually.

The Risk Remediation section of the report

Policy Violations Causing Quarantine - This section lists the failing violations. When upgrading the component is not an option, you will need to receive a waiver for all policies listed to use the component.

Other Allowed Versions - This section lists other versions already present in your repository. These versions are not quarantined and can be downloaded without issue. Substituting the requested version with a version listed in this section is a potential alternative to a waiver request.

Disabling Anonymous Access

Anonymous Access to the Quarantined Component View can be disabled using the Repository Firewall REST API.

Warning

We recommend you disable anonymous access if your IQ Server is accessible to users outside your organization. Consult with your legal and security teams to determine if you should disable this feature for your organization.