Sonatype, a pioneer in software supply chain management, recently revealed that Sonatype Repository Firewall has prevented over $1.5 billion in potential losses from malicious open source attacks. As a SaaS-first solution, it is enabling a growing number of enterprises to accelerate innovation while securing both their open source software (OSS) repositories and their profitability.
The rate of malicious attacks is constantly on the rise, and so is the cost of the resulting breaches, which IBM estimates at an average of $5.12 million per attack. Sonatype Repository Firewall serves as the only SaaS solution that tackles malicious open source attacks, identifies and blocks vulnerabilities, and secures open source code repositories through automated policy enforcement and AI behavioral analytics. Backed by Sonatype’s industry-leading research team, Sonatype Repository Firewall scans and analyzes components for vulnerabilities and malicious open source code before they enter an enterprise’s development life cycle. To date, Sonatype has evaluated over 120 million open source components, 40 times more than its competitors. Furthermore, Sonatype Repository Firewall has identified nearly 145,000 malicious components and blocked them from entering software development pipelines, saving its customers over $1.5 billion in potential losses.
“An elegantly simple solution to a complex problem, the Sonatype Repository Firewall empowers technology teams to move fast with the confidence that they are protected from malware masquerading as valid open source software,” says Mitchell Johnson, Chief Product Development Officer at Sonatype. “With cyberattacks increasing in frequency and sophistication – and software development regulations becoming increasingly standardized – organizations are looking for fast ways to protect themselves. Sonatype Repository Firewall is a first line of defense that is easy to set up, maintain, and integrate into workflows. Simply put, if you have a repository manager, you need a Repository Firewall.”
Sonatype Repository Firewall gives customers customizable, automated policy enforcement controls, ensuring secure and optimal component delivery. It integrates seamlessly into existing workflows and guides contextual remediation and replacement. Components known to be secure flow directly into the development pipeline, while malicious components are quarantined. Any packages that appear suspicious are scrutinized by Sonatype’s research team before they are released, guaranteeing safety.
Sonatype Repository Firewall offers your development teams protection against malware and malicious code attacks through:
- Continuous Threat Prevention: Secure your SDLC against evolving malicious open source threats, including vulnerabilities, malware, next-generation supply chain attacks, brandjacking, typosquatting, dependency confusion attacks and more.
- Advanced Protection: Block attacks at the repository level with automatic quarantining of malicious and suspicious packages.
- Customizable Policy Rules: Automatically control what OSS components are allowed into your SDLC, what to quarantine, and what is released from quarantine.
- Fast Remediation: Contextual remediation information explains why components were blocked and suggests alternatives so developers can remediate issues quickly.
- Flexible Deployment Options: Cloud, self-hosted, and air-gapped deployment options let you run Sonatype Repository Firewall anywhere.
“We continually hear from customers that they wish they had implemented Repository Firewall sooner,” says Alex Berry, President at Sonatype. “We’re thrilled to deliver a solution that makes software supply chain management at the enterprise level easier than ever before.”