Combating modern-day supply chain attacks is significantly more complicated than in the past. Adversaries are getting craftier and are no longer waiting to exploit publicly disclosed vulnerabilities to launch a cyberattack. These next-gen attacks require a next-gen open source security solution. Nexus Firewall provides just that — an early warning detection system preventing malicious and suspicious open source components from entering your SDLC.
Decrease the risk of a security breach by automatically blocking known vulnerabilities and harmful OSS releases.
Critically malicious components and newly released suspicious components are automatically blocked, so your SDLC is always secure.
Components that clear the suspicious rating are automatically released to be consumed by developers, reducing time spent reviewing components and reducing friction.
Decide which components are allowed into your SDLC based on common risk factors, including age, popularity, and licensing credentials.
Firewall automatically returns a secure version from the component version range requested, so that developers spend less time choosing the most secure version.
Native integration with Nexus Repository and support for JFrog Artifactory Enterprise with high availability.
Sonatype’s Artificial Intelligence evaluates open source software (OSS) components based on different behaviors and determines if something is a potential threat or not. Those that are “known bad” (critically malicious/harmful OSS release) are automatically blocked from download. Your developers won’t even have the chance to choose components with known vulnerabilities.
Those identified as potential threats, specifically npm packages, are also quarantined until they are confirmed as malicious or cleared of vulnerabilities by Sonatype’s security research team. If cleared, they are automatically released based on your policy.
Use Sonatype’s out-of-the-box policy options or customize your own. Your policy settings dictate which OSS components are allowed into your SDLC, which are put into quarantine, and which are released from quarantine. Customize your rules based on common risk factors like popularity and licensing credentials, and address known and unknown vulnerabilities via Sonatype’s Integrity Rating. From there, configure policy actions to automatically prevent applications from moving forward with unwanted or unapproved components.
Nexus Firewall is the only solution that can detect and block known and unknown risk, at scale, from entering the SDLC.
Step 1: Install & Start IQ Server
Step 2: Import Reference Policies
Step 3: Configure Policy Actions
Step 4: Nexus Repository Manager Configuration
Step 5: Review Repository Results
Step 6: Investigate & Remediate Violations
A great place to learn more about how to get started using Nexus Firewall would be our comprehensive getting started documentation.
Each single license for one user is $424 per year* for Nexus Firewall. Please refer to our Pricing Page for more information on pricing. We do offer volume discounts, as well.
Please contact our sales team today to see if you qualify for any additional discounts.
*Pricing based on 100 users
Nexus Firewall is compatible with Nexus Repository and JFrog Artifactory.
If you’re looking for more information on either of the two compatible repository managers, you can find it below:
Our ML/AI systems monitor the entire npm ecosystem 24x7x365 and observe every code commit and every new package that is published. We watch for abnormal behavior that is indicative of malicious activity, and if abnormal behavior is observed, we do four things:
If found malicious, those components are kept in quarantine and blocked. If found safe, they are automatically released from quarantine and permitted to enter the software supply chain.
Nexus Firewall helps prevent supply chain attacks that exploit publicly known or unknown vulnerabilities. More specifically, Nexus Firewall has helped stop dependency confusion, cryptomining malware, ransomware, and other attacks from bad actors.
Nexus Firewall proactively prevents known OSS risk from Java, Ruby, .NET, Python, Go, RPM and more, as well as unknown risk from JavaScript.
Better together: Protect your Nexus Repository (Pro) with Firewall.
Using Artifactory? No problem.
Nexus Firewall supports JFrog’s Artifactory.
“[Sonatype] has helped developer productivity. It’s like working in the dark and all of a sudden you’ve got visibility. You can see exactly what you’re using and you have suggestions so that if you can’t use something, you’ve got alternatives. That is huge.”