Getting Started with Repository Firewall
Repository Firewall is a set of features, powered by IQ Server, that integrate with your Nexus Repository Pro or through a plugin with JFrog Artifactory.
Configuring Repository Firewall involves the following steps:
-
Installing IQ Server or your Firewall Cloud tenant (not needed for Lifecycle customers)
Connect your artifact repository to the IQ Server instance
Select your repositories to be protected by Repository Firewall
Configure your governance policies to quarantine and protect you from new risk
Installing IQ Server
Follow these instructions for installing the IQ Server
Your Sonatype Repository Firewall license will need to be added to your installation of IQ Server for either the self-hosted or the Cloud (SaaS) configurations.
At this point, you may wish to review the default Firewall policies. Sonatype's reference policy set is recommended for most new customers however adjusting them before the initial audit will save some time later.
Connecting your artifact repository
Your Repository Firewall license supports either Nexus Repository Pro or JFrog Artifactory.
Nexus Repository Pro
The Firewall features are enabled in Nexus Repository Pro when you install your license.
See Nexus Repository 3 Pro Setup
JFrog Artifactory
For JFrog Artifactory you are required to install and manage the Repository Firewall for Artifactory plugin to enable the functionality. Note that Artifactory SaaS is not supported.
Using the guided setup
We recommend using the Repository Firewall Guided Setup for the fastest deployment.
Manual installation requires each repository to be configured one at a time. The guided setup simplifies this by allowing you to select every repository to be onboarded from one view.
To manually configure Nexus Repository, review the Firewall Audit and Quarantine Capability
Review the repository audit
Once the Repository Firewall is enabled, it will begin to audit your configured repositories for open-source threats and generate a report for you to review your current risk.
Learn more about the Repository Results view.
Important
Components currently in your artifact repository are not affected; there will be no disruption to your existing builds and deployments.