Sonatype Air-Gapped Environment (SAGE)

Accelerating Assurance for High-Security Development Across the Mission Lifecycle

The Sonatype Air-Gapped Environment (SAGE) operationalizes compliance of air-gapped development environments with the DoD RMF/CSRMC, the EU’s Cyber Resilience Act (CRA), CMMC 2.0, NIS2, DORA, ISO 27001, and defense frameworks such as the Modular Open Systems Approach (MOSA) and NATO’s Defence Production Action Plan (DPAP).

Compliance Velocity

Automated SBOMs and verifiable artifact integrity for global regulatory readiness.

Interoperability

Provenance-driven trust across US and allied networks enabling accreditation and NATO-scale interoperability.

Mission Resilience

Offline automation and full-stack integration ensure continuity under isolation.

Explore the Benefits an Air-Gapped Environment with Sonatype

Assured Software Integrity

SAGE enforces full artifact traceability within your air-gapped environment ensuring each deployment aligns with U.S. DoD SWP and SBOM mandates, ISO 27001, and the EU’s NIS2 Directive.

Simplified Global Compliance

Automate SBOM creation and regulatory evidence to accelerate accreditation under frameworks such as CPCSC (Canada), DCPP (UK), DISP (Australia), METI (Japan), and Singapore’s Cybersecurity Act.

Offline Automation and Intelligence

SAGE allows automated policy enforcement, vulnerability detection, and dependency management within isolated networks to maintain operational assurance without external calls.

Mission-Ready Scalability

Designed for sovereign confidence, SAGE scales from a single secure enclave to multinational environments supporting interoperability under MOSA, NATO DPAP, and allied cyber frameworks.

What is an air-gapped environment?

An air-gapped environment is a secure network or system that is disconnected from the internet and other unsecured environments. This separation prevents unauthorized access and reduces the risk of cyberattacks, making it a preferred choice and often mandatory for highly sensitive data and critical systems. Air-gapped environments are commonly used in:

Government and defense sectors to protect classified data.
Critical infrastructure like power plants, water treatment facilities, and transportation.
Healthcare industry to isolate systems storing patient information.

How to deploy an air-gapped environment with Sonatype?

IQ Server, Nexus Repository, and Data Service are installed using RPMs, Docker containers, or Helm charts. You must also provision MySQL and PostgreSQL databases, and configure shared storage (NFS or S3) within your disconnected network

How does an air-gapped environment differ from an on-premises deployment?

While both air-gapped and on-premises deployments involve hosting systems within an organization’s infrastructure, they differ significantly in their network connectivity and security posture. On-premises deployments are hosted locally, but maintain connections to the internet. In contrast, air-gapped environments are completely isolated from any external network to prevent any data transfer that isn’t explicitly authorized. Air-gapped deployments offer a higher level of cybersecurity than those done on-premises because it eliminates the risk of data exfiltration through network channels.

How do you keep the data updated in an air-gapped environment?

Administrators use Sonatype's Update Tools on an internet-connected machine to download data bundles on a daily basis. These files are transferred to the air-gapped network, then updates are applied to the databases using Sonatype provided utilities. Some customers have automated this entire process.

DEPLOYMENT ENVIRONMENT

Sonatype Air-Gapped Environment (SAGE)

Software integrity for the world's most secure missions — trusted across defense, intelligence, and critical infrastructure worldwide..