Overview

Block Malicious Open Source at the Door
Strengthen your software supply chain security by automatically detecting known and unknown open source malware before it enters development. Sonatype Repository Firewall is the only automated solution that stops open source malware at the source. Powered by next-generation AI behavioral analysis and automated policy enforcement, it evaluates components before they reach your repository, ensuring developers can work with safe, up-to-date OSS components and avoid costly issues later in the development lifecycle.
What Makes Repository Firewall Different:
- Block Open-Source Malware Automatically: Prevent malicious components from entering your software supply chain with AI-driven detection and automated policy enforcement.
- Eliminate Existing Threats: Identify and remove malware already in your repositories, keeping your development environment secure.
- Protect Without Slowing Developers: Seamlessly safeguard your pipeline without disrupting workflows or slowing innovation.
Sonatype Repository Firewall is your first line of defense against open-source malware, combining automated protection with seamless integration to reduce security burdens and accelerate time to market - all without compromising speed, quality, or innovation. Develop fearlessly. Innovate confidently.
As the industry-leading software supply chain management platform, the Sonatype Platform is the choice of organizations that are currently using or evaluating solutions such as Mend, JFrog, Snyk, or GitLab. Sonatype provides a comprehensive and integrated solution for all aspects of the software development lifecycle, from secure development to release automation, helping organizations reduce risk and accelerate their time to market.
Highlights
- Start your 30-day Free Trial on AWS Marketplace today!
- Bad actors are constantly evolving their attack vectors. Sonatype has identified and blocked over 143k malicious and suspicious packages.
- Sonatype Repository Firewall has prevented over $1.5 Billion in potential losses from malicious open source attacks.
Pricing
Free trial
| Dimension | Description | Cost/12 months |
|---|---|---|
| Repository Firewall | For One User | $302.00 |
Vendor refund policy
We do not offer a refund policy.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Accurate database support blocks malicious code with excellent support
What is our primary use case?
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the internal network, so our company uses Nexus Repository. We usually consider adding the firewall feature on top of the Repository, with the main purpose being to block malicious packages.
What is most valuable?
The firewall is the only solution that supports Nexus Repository. This firewall comes with an accurate database, which can identify most malicious code from entering. It relies on the Sonatype accurate database, so the accuracy is excellent. There is no other option except Sonatype deploy to the firewall.
What needs improvement?
There are several features lacking in the current offering, particularly concerning container support and AI packages, like Hugging Face support. However, I have heard that it is on the roadmap for 2025.
For how long have I used the solution?
I have been using this solution for four years.
What do I think about the stability of the solution?
It is software, so there is always a possibility of bugs, however, they are quite fast in fixing these bugs. It is quite stable.
What do I think about the scalability of the solution?
There is an option to scale the capacity using an external database, and then you also have support. I do not think there is any issue with scalability.
How are customer service and support?
The customer service is fantastic. They provide the required responses and relevant support, which is the biggest advantage of using Sonatype.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I do not have handling experience with another firewall. Sonatype Firewall is the only one I have been using. There is only one other alternative.
How was the initial setup?
The initial setup is quite straightforward and easy. It is not complicated.
What about the implementation team?
Just a couple of staff members can complete the installation and configuration.
What's my experience with pricing, setup cost, and licensing?
Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.
Which other solutions did I evaluate?
We looked at Sonatype or Gather. There are not that many options.
What other advice do I have?
I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially regarding container support and AI packages.