Skip Navigation
Book a Demo
Book a Demo
sonatype-firewall-icon-reverse SONATYPE REPOSITORY FIREWALL

Block malicious open source at the door

Your first line of defense against modern
software supply chain attacks.
Home-Firewall-V2

ENTERPRISE SECURITY

Detect

Decrease risk with early identification and warning of vulnerabilities.

Protect

Block malicious components automatically and keep your SDLC secure.

Release

Automatically release cleared components to developers and reduce friction.

Control

Establish policies and risk tolerance to determine which components are safe.

Home-Firewall-V2

245,032 malicious packages discovered

From
AI behavioral analysis
Automated policy enforcement
Security research team
See Packages

A better way to block malware

Let's Chat

REPOSITORY PROTECTION

Avoid costly supply chain attacks

FIREWALL-REPO-PROTECTION-UI_wTooltip

Block malicious components

Block malicious and suspicious packages until they’re confirmed or cleared by Sonatype’s security research team.

Stop vulnerabilities automatically

Prevent known vulnerabilities and harmful open source releases from downloading into your repository.

Release cleared components

Automatically release cleared components back into your development pipeline for maximum efficiency.

Debunking the Myth of Security vs. Productivity 

A staggering 29% of popular projects contain vulnerabilities. Outsmart risk with Sonatype Repository Firewall.

Read the White Paper

POLICY COMPLIANCE

Automate your policy enforcement

FIREWALL-AUTOMATE-UI_wTooltip

Set policy based on risk tolerance

Decide which components are allowed into your SDLC based on risk factors like age, popularity, and licensing credentials.

Protect against the unknown

Set policy to block suspicious components, even before they are publicly disclosed as vulnerable.

Configure automatic compliance

Prevent applications from moving forward with unwanted or unapproved components.

“Sonatype Platform doesn't presume how you want to use it. It provides you with information. It provides you with data and then it gives you the tools to take that information, customize it, and do what you want with it.”
Jason Hills
Head of Application Security, TD BANK
Logo_TD Bank@2x
See Case Study

Run products anywhere

Flexible deployment options let you run anywhere—without the operational hurdles. Deploy easily with world class support from our Technical Support team at no additional cost.

Cloud

Get started right away. Streamline your infrastructure and rapidly scale with cloud solutions hosted on AWS and managed by Sonatype.
Available for
Firewall_Icon@3x Lifecycle_Icon (1)

Self Hosted

Unlock maximum flexibility. Choose to host on your own servers or in a cloud environment of choice.
Available for
Firewall_Icon@3x Repo_Icon@2x Lifecycle_Icon (1)

Air-Gapped

Adhere to the strictest security standards for government and affiliated organizations. Sonatype offers the only software supply chain solution for air-gapped environments.
Available for
Firewall_Icon@3x Repo_Icon@2x Lifecycle_Icon (1)

Work with the tools you already use

Universal repository support

sonatype-repository-logo
Sonatype Nexus Repository Pro
Better together: Protect your Sonatype Nexus Repository (Pro) with Firewall.
Jfrog-Artifactory-logo
JFrog Artifactory
Using Artifactory? No problem.
Sonatype Repository Firewall supports JFrog’s Artifactory.

Firewall language support

C@2x C
C++@2x C++
Go Modules @2x Go
Gosu@2x Gosu
Java@2x Java
php@2x PHP
Python@2x Python
R@2x R
Ruby @2x Ruby
Scala@2x Scala
Swift@2x Swift
Visual Basic@2x Visual Basic
See All Language Support

Firewall package support

Maven @2x-1 Maven
npm_logo npm
pypi @2x PyPi
nuget @2x Nuget
10-yum Yum
Go Modules @2x Go
Ruby @2x Rubygems
Conan @2x Conan
Cargo Cargo
Gradle Gradle
Conda Conda
R R
See All Package Support
“The Sonatype Platform is consistent with our gradual rise in maturity. The product brings richness from the very first use. Whether you're a beginner or a Sonatype expert, it gives you the ability to find the solutions you need. All our teams are delighted to be able to use it.”
Bruno Darras
Head of DevOps, BNP PARIBAS
BNP Paribas@2x
See Case Study

Enterprise protection from attacks

Features
sonatype-firewall-logo
  • Protection from unknown vulnerabilities
    Yes for npm, PyPl
  • Hosted repository protection from namespace confusion attack
  • Suspicious auto-quarantine
  • Automatic release from quarantine
  • Automated version replacement for dependencies
  • New reports and views for application security and developers
  • Improved developer experience
  • Support for artifactory enterprise
Explore the Sonatype platform
Platform Overview

Block malicious open source at the door

See Pricing