The Strongest Defense Against Malicious Code

Public open source repositories can be compromised, and developers are frequently targeted by malicious open source packages. Proactive protection stops malicious code from sneaking into your builds and reaching production systems.

Vulnerabilities are accidental flaws in trusted software like unpatched bugs. Malware is intentional code crafted by attackers to cause harm. Most Software Composition Analysis (SCA) tools only detect known vulnerabilities and miss malicious behavior entirely. Sonatype Firewall is purpose-built to detect and block open source malware from the start, solving a different problem that traditional SCA tools can't address.

No. Perimeter and endpoint solutions aren't built to detect malicious code in open source software libraries and lack specialized malware intelligence. Sonatype Firewall uses our unique open source malware intelligence to proactively identify and block malicious open source components before it enters your development environment.

No, Sonatype Firewall does not require a repository manager to work. It works with any repository manager like Sonatype Nexus Repository, JFrog Artifactory, Cloudsmith, Azure Artifacts, AWS CodeArtifact, Google Artifact Registry, GitHub Package Registry, and more. Sonatype Firewall can protect your software supply chain even without a dedicated repository manager. It integrates directly with security tools such as Zscaler for network-level protection and uses flexible APIs for seamless integration into custom workflows or existing CI/CD pipelines.

Yes, Sonatype Firewall connects seamlessly with network security solutions such as Zscaler, extending open source malware protection to the network edge for comprehensive coverage.

Yes. Sonatype Firewall includes support from Hugging Face. Just like open source packages, these models are evaluated at the point of download to determine if they violate security policies or exhibit suspicious or malicious behavior. That means your data science and engineering teams can innovate with the latest models — confident that every download is secure and policy-compliant.

Threat detection and blocking happen automatically, in real time. As soon as a developer or system tries to download a malicious or policy-violating component — whether it’s a package, container, or AI model — Sonatype Firewall steps in to block it before it ever enters your development environment. Its advanced malware intelligence minimizes false positives so only true threats are blocked. In rare cases of uncertainty, components are quarantined for further analysis, and automatically released if deemed safe – ensuring developers aren’t stuck waiting on security.

Yes, Sonatype Firewall Enterprise automates open source governance by quarantining non-compliant components. The powerful policy engine supports flexible policy waivers, including time-based and scoped exceptions, to balance security with development speed.

Sonatype Firewall continuously updates its malware database, providing real-time protection against the latest open source threats.

Sonatype Firewall supports flexible deployment options to meet different security and infrastructure needs. It is available as a fully managed SaaS offering for fast setup and minimal operational overhead. Organizations can also deploy it on-premises or self-hosted for greater control within their own environment. For fully disconnected environments, Sonatype Firewall Enterprise is supported via the Sonatype Air-Gapped Environment (SAGE).