Sonatype Repository Firewall Has Prevented More Than $1.5B in Losses from Malicious Attacks

Now Available as a SaaS-First Solution for Rapid Protection at Scale

June 20, 2023 –  Infosecurity Europe - London and Fulton, Md. – Sonatype, the pioneer of software supply chain management, has announced that Sonatype Repository Firewall has stopped more than $1.5 billion in potential losses from malicious open source attacks. Now a SaaS-first solution, it is enabling even more organizations to speed their pace of innovation while keeping their open source software (OSS) repositories and profitability secure.

As the rate of malicious attacks continues to increase, so too does their cost – according to IBM, the average cost of a destructive attack stands at $5.12 million. Sonatype Repository Firewall is the only SaaS solution that combats malicious open source attacks, detects and blocks vulnerabilities, and secures open source code repositories with the help of AI behavioral analytics and automated policy enforcement. Backed by Sonatype’s industry-leading research team, Sonatype Repository Firewall scans and evaluates components for vulnerabilities and malicious open source code before they ever enter an organization’s development life cycle. To date, Sonatype has analyzed more than 120 million open source components – 40x more than its competitors – and Sonatype Repository Firewall has discovered nearly 145,000 malicious components and stopped them from attacking software development pipelines, preventing over $1.5 billion in potential losses for its customers.

“An elegantly simple solution to a complex problem, the Sonatype Repository Firewall empowers technology teams to move fast with the confidence that they are protected from malware masquerading as valid open source software,” said Mitchell Johnson, Chief Product Development Officer at Sonatype. “With cyberattacks increasing in frequency and sophistication – and software development regulations becoming increasingly standardized – organizations are looking for fast ways to protect themselves. Sonatype Repository Firewall is a first line of defense that is easy to set up, maintain, and integrate into workflows. Simply put, if you have a repository manager, you need a Repository Firewall.”

Sonatype Repository Firewall offers customizable and automated policy enforcement controls, ensuring safe and optimal component delivery. It integrates seamlessly with existing workflows, guiding contextual remediation and replacement. Known secure components flow directly into the developer’s pipeline, while malicious components are quarantined. Suspicious packages receive greater scrutiny from Sonatype’s research team before release to guarantee safety.

Sonatype Repository Firewall delivers best-in-class malware and malicious code attack protection for your development teams through:

  • Advanced Protection: Stop attacks at the repository level with automatic quarantining of malicious and suspicious packages.
  • Continuous Threat Prevention: Protect your SDLC from evolving malicious open source threats, including vulnerabilities, malware, next-generation supply chain attacks, brandjacking, typosquatting, dependency confusion attacks and more.
  • Fast Remediation: Contextual remediation information identifies why components were blocked and offers alternatives so developers can fix issues quickly.
  • Customizable Policy Rules: Automatically control which OSS components are allowed into your SDLC, which are quarantined, and which are released from quarantine.
  • Flexible Deployment Options: Cloud, self-hosted, and air-gapped deployment options let you run Sonatype Repository Firewall anywhere.

With the assurance that their code is secure, developers can focus on innovation rather than dependency management. This enables organizations to deliver safe and innovative software rapidly and effectively.

“We continually hear from customers that they wish they had implemented Repository Firewall sooner,” said Alex Berry, President at Sonatype. “We’re thrilled to deliver a solution that makes software supply chain management at the enterprise level easier than ever before.”

Sonatype Repository Firewall is part of the Sonatype platform, which also includes Sonatype Nexus Repository and Sonatype Lifecycle. Sonatype is also the official maintainer of the Maven Central Repository, one of the world’s first, largest and best-known Java repositories.

Sonatype is the software supply chain management company. We enable organizations to innovate faster in a highly competitive market. Our industry-leading platform empowers engineers to develop software fearlessly and focus on building products that power businesses. Sonatype researchers have analyzed more than 120 million open source components – 40x more than its competitors – and the Sonatype platform has automatically blocked over 125,000 malicious components from entering developers’ code. Enabling high-quality, secure software helps organizations meet their business needs and those of their customers and partners. Recognized by independent analysts as a leader, Sonatype is relied on by more than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers for the tools and guidance to be ambitious, move fast and do it securely.