Sonatype Firewall Pro now available for third-party users!

Sonatype Lifecycle & Repository Firewall
1

Firewall Pro is now generally available

We’re excited to announce that Sonatype Firewall Pro is now generally available.

Firewall Pro helps teams protect third-party repository environments from malicious open source packages before they are downloaded. It works as a cloud-based proxy between your repository manager and the public registries your teams use, blocking malicious packages from npm, Maven, PyPI, and NuGet before they reach development or CI workflows.

You can read the full launch announcement here:

And you can explore Firewall Pro here:

Why Firewall Pro matters

Open source consumption happens fast. Developers and build systems pull packages constantly from public registries, and attackers continue to find new ways to exploit that trust.

Typosquatting is one well-known attack pattern, but it is not the whole problem. Malicious packages can use a range of techniques to evade simple name-based checks and reach developers before security teams have a chance to respond. For a deeper look at why typosquatting detection alone is not enough, read our research whitepaper:

Firewall Pro gives teams a focused way to reduce risk at the point of consumption, before malicious packages are downloaded into repository, development, or CI environments.

What Firewall Pro helps you do

With Firewall Pro, teams can:

  • Block malicious packages before they are downloaded
  • Protect npm, Maven, PyPI, and NuGet package consumption
  • Add protection for third-party repository environments
  • Keep existing repository and CI workflows in place
  • Get started quickly with registry-specific proxy URLs
  • Adopt malicious package protection through usage-based pricing

How it works

Firewall Pro sits between your repository manager and the public registries your teams rely on. Instead of connecting directly to a public registry, your repository manager connects through an authenticated Firewall Pro URL.

When developers or CI systems request packages, Firewall Pro checks those requests before packages are downloaded, helping prevent malicious components from entering your software supply chain.

Who Firewall Pro is for

Firewall Pro is a strong fit for teams that want fast, focused malicious package protection for third-party repository environments. It is especially useful for organizations that rely on npm, Maven, PyPI, or NuGet and want to reduce software supply chain risk without replacing existing repository or CI workflows.

Have questions about Firewall Pro or how it fits into your repository workflow? Reply below and we’ll be happy to help.

1 Like