Sonatype’s Nexus Firewall Now Protects JFrog Artifactory
World’s First Application Security Solution that Universally Protects DevOps Pipelines from Vulnerable Open Source Components

Fulton, MD. – February 28, 2019 – Sonatype, the inventors of software supply chain management, announced today that Nexus Firewall is now available to JFrog customers to automatically stop vulnerable open source components from entering into Artifactory Repository Managers.

Introduced in 2016 and originally designed as a complement to Nexus Repository, Nexus Firewall was the world’s first DevSecOps solution to shift automated open source governance to the earliest point in the software development lifecycle. Beginning today, JFrog customers can use Nexus Firewall to automatically analyze, block, and selectively admit components into their Artifactory repository managers, including support for RubyGems, RPM, PyPI, NuGet, npm and Java components.

“Over the past few years, hundreds of companies using our Nexus Repository Manager have embraced Nexus Firewall to stop defective open source components from entering into their software development environments,” said Wayne Jackson, CEO of Sonatype. “But, the vast majority of the industry has heterogeneous DevOps infrastructure and needs universal protection -- not just for Nexus Repository, but for Artifactory as well.”

Nexus Firewall is not the first Sonatype product to add value on top of Artifactory. Many JFrog customers have long utilized Nexus Lifecycle to automatically and contextually govern open source security and licensing risk across their entire software supply chain.

According to Sonatype’s 2018 State of the Software Supply Chain Report, 12.1% of Java packages downloaded by developers had a known vulnerability. Data released in October 2018 also revealed that 51% of all npm packages downloaded had a known security issue. Nexus Firewall can block these vulnerable components at the front door, impeding their use across the enterprise.

Additional Resources:

About Sonatype

More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Sonatype is privately held with investments from TPG, Goldman Sachs, Accel Partners, and Hummer Winblad Venture Partners. Learn more at