Nexus Firewall​

Your first line of defense against modern supply chain attacks.

Cybercrime and adversaries are getting craftier and more sophisticated with their attacks. Looking at the state of open source projects today, 21,000+ new versions of OSS libraries are being released per day. Supply chain/malware attacks are on the rise with no chance of slowing down.While hackers used to wait for public vulnerability disclosures to exploit in the wild, they’re now proactively manufacturing vulnerabilities and publishing these into repositories — the most popular being the npm repository.

How can organizations combat these supply chain attacks that continue to grow in sophistication? It’s more than auditing your repositories for vulnerabilities.

To truly get ahead of supply chain attacks, you must block vulnerable open source packages before they are downloaded into your repository.
Nexus Firewall does this for you, providing an early warning detection system to prevent the download of critically malicious and suspicious/unverified risk from entering your SDLC.

Automatically detect and blockmalicious malware attacks. Decrease the risk of a security breach by automatically blocking vulnerabilities and harmful OSS releases from downloading into your repository. Sonatype’s Artificial Intelligence evaluates millions of newly released open source software (OSS) components based on different behaviors and identifies if something is a potential threat or not. Those identified as “known malicious” (critically malicious/harmful OSS release) are automatically blocked from being downloaded. Your developers won’t even have the chance to choose components with known vulnerabilities.

Those identified as potentially suspicious/malicious threats are also quarantined until they’re confirmed or cleared of vulnerabilities by Sonatype’s security research team. If cleared, then they are automatically released for your developers to consume.

Create and enforce policy rules. Decide which components are allowed into your SDLC based on common risk factors, including age, popularity, and licensing credentials. From there, configure policy actions to automatically prevent applications from moving forward with unwanted or unapproved components.

Get extensive language coverage. Nexus Firewall proactively prevents known risk from Java, Ruby, .NET, Python Go, RPM and more — as well as unknown risk from JavaScript.

Enjoy universal repository support. Available for Nexus Repository OSS and Pro, and JFrog Artifactory Pro and Enterprise

Key Benefits of Nexus Firewall

Early identification and warning against freshly detected suspicious components within hours ofrelease from the npm repository.

Automatic protection against known critically malicious components.

When combined with NexusLifecycle, avoid recommended versions that are marked a ssuspicious.

We distribute Sonatype products and
provide professional services