Skip to main content

Firewall Navigation

Access the Repository Firewall by logging into your self-hosted IQ server or your Sonatype Cloud tenant. When you using more than one Sonatype solution, use the solution switcher to switch to Repository Firewall.

Administrators manage policies, set access controls, and notifications for the Repository Firewall using the Repos and Policies.

We use the following terms for Repository Firewall that they have other meanings in another context:

  • Repository Managers

    The artifact repository connected to the IQ Server (eg. Nexus Repository, JFrog Artifactory)

  • Repository

    The proxy or hosted repository configured in a repository manager (eg. maven-central, npm hosted, etc.)

  • Proxy or Remote

    The external repository where components are downloaded from. These may be public repositories or privately hosted repositories.

  • Hosted

    A repository where components are stored on the repository manager. These may hold internally built artifacts or third-party software.

repo-mgm-configuration.png

Repository Managers Overview

The top-level of the repository managers configuration. Policies set at this level are inherited by all repositories and repository managers. Manage policies, access control, and quarantine for proxy repositories.

Repository Managers are added with a unique identifier when they connect to the Repository Firewall service. Configure namespace protection for hosted repositories.

Review the Guided Setup to connect a repository manager.

Elements in the Overview

  • Configuration

    List of the connected repository managers with their repositories in a nested table. The filters are used to limit the list displayed. Selecting a proxy repository opens the Repository Results View for that proxy.

    Repositories are removed using the trash can icon. This action does not delete the repository from the repository manager.

  • Policy

    Policies are inherited from the root organization. Policy actions may be overridden for repository managers for policies enabled at the root organization.

    Firewall policies may be added for all repository managers at this level. These policies would not be scoped to organizations or applications.

  • Namespace Confusion Protection

    List of namespaces protected for all repositories.

    See Namespace Confusion Protection

  • Access

    Access control for who may view repository results and manage the Firewall configuration.

Repository Manager View

Manage the configuring for a specific repository manager in the Repository Firewall.

  • When the complete listing of repository managers is not displayed, selecting the Repository Managers title will display the list of repository managers.

  • Selecting a single repository manager in the list navigates to this view.

single_repo_manager.png

Sections

The Repository Manager View has the same sections as the overview scoped to the single repository for granular access control of individual repository managers' configurations

This view allows you to scope policies for the single repository manager.

Actions

The actions menu is scoped to this repository manager.

  • Repository Manager ID to Clipboard

    The unique repository manager ID can be used to identify the instance in log files in IQ Server or Nexus Repository even after the repository manager name has been set to a human-readable name.

  • Edit Repository Manager Name

    Opens the Edit repository manager name dialog as shown above.

  • Delete [Repository Manager name]

    Used to remove the repository manager from the IQ Server configuration.

Edit the Repository Manager Label

The unique identifier for any repository manager may be modified with a human-recognizable name for easier identification. We recommend using a name common to users in your organization.

  1. Select the pencil icon on the right of the repository instance to Edit the name.

  2. Edit the Repository Manager Name to a meaningful identifier

  3. Select Update to save

repo-mgm-edit-name.png

Proxy Repository Configuration

Use this summary page for proxy repository configuration to manage access to individual proxy reports and to apply policies to specific repositories. Like the rest of the hierarchy, access control and policy are inherent from the following; the Root Organization, the Repository Managers container, and the configuration set on the specific repository manager where the proxy is configured.

  • Follow the best practice to enable or override enforcement of policies managed at the root organization or the Repository Managers container. Enable enforcement that does not apply to all proxy repositories.

  • Set policies on a specific proxy repository that are an exception to the rest of the organization's governance policy

  • Use the access controls on the specific repository for fine-tuned access to a single proxy

  • Set violation notifications unique to this repository such as from a testing environment

Hosted Repository Configuration

Manage access to the hosted repository configuration. This includes selecting the namespaces found within the repository. The Firewall analyzes the hosted repository for the namespaces used by its components.

Enable or disable namespace protection using a toggle.

See Namespace Confusion Protection