IT Brief UK - Technology news for CIOs & IT decision-makers
Sonatype updates Repository Firewall to target open-source malware

Today

Sonatype has announced significant updates to its Repository Firewall, designed to enhance proactive malware protection throughout the software development lifecycle for enterprises.

The enhancements are designed to help development, security, and data science teams block known and suspected malicious components at an early stage. The approach reduces the need for rework, prevents potential security incidents, and ensures consistent enforcement of policies across traditional, containerised, and artificial intelligence (AI)/machine learning (ML) environments.

Malicious open-source packages represent a particular risk within the industry, as they often bypass traditional security solutions. These packages, which Sonatype refers to as open source malware, tend to evade detection by standard perimeter tools and can enter development environments before software composition analysis tools are activated. Sonatype's Repository Firewall identifies and blocks these malicious packages before they are downloaded, minimising exposure and protecting every entry point for open source and third-party components.

As part of the new features, Sonatype Repository Firewall now integrates with Zscaler Internet Access (ZIA). This expansion delivers open source software intelligence and protection to the network perimeter. The combination of Repository Firewall and Zscaler is designed to prevent high-risk open source components from entering the development pipeline, giving developers increased confidence as risky elements are filtered out early.

The integration aims to address the challenge of shadow downloads, which Sonatype defines as open-source components downloaded directly from public repositories onto developer machines, thereby circumventing internal controls. According to Sonatype's data, there has been a 32.8% rise in shadow downloads throughout 2024, illustrating the expanding risk facing organisations. By enforcing security measures both at the perimeter and within developer processes, the integration with Zscaler delivers what is described as end-to-end protection against open-source malware in DevSecOps environments.

Tyler Warden, Senior Vice President of Product at Sonatype, stated, "Enterprises are doubling down on zero trust strategies, and that must include open source software and AI governance. By combining ZIA with Sonatype's intelligence-driven policy-based blocking, teams can proactively quarantine risky components at the point of ingestion, reducing attack surface, manual effort, and remediation costs — while increasing coverage and strengthening governance."

The Repository Firewall now also includes support for Docker registries, allowing organisations to extend malware and vulnerability protection to container images alongside traditional package formats. This ensures consistent security and compliance across various deployment methods, including virtual machines, Kubernetes clusters, and cloud-native architectures. Developers can receive feedback and protections, regardless of whether containers are used for testing or production deployment, all without altering their workflow.

Another addition is support for Hugging Face AI models. This feature brings the capabilities of the Repository Firewall to AI and ML components, giving teams the ability to detect and block potentially malicious or non-compliant Hugging Face models before incorporation into development workflows. Earlier this year, Sonatype researchers identified and addressed vulnerabilities in 'picklescan', a security tool on Hugging Face, which had allowed malicious AI models to evade detection.

By applying stringent checks to AI models similar to those used for traditional open-source packages, organisations can guard against emerging threats, such as malicious PyTorch pickle files and other risky model payloads that might otherwise appear harmless. With developers and data scientists increasingly adopting advanced AI tools and model libraries, the Firewall is positioned to help maintain security and compliance standards.

The firewall has also been enhanced with an automated malware detection system that works at scale. A new suite of application programming interfaces provides real-time malware insights, enabling detection and blocking of malicious components during any stage of the software development lifecycle. Organisations can automate detection and enforcement tasks across continuous integration and continuous delivery pipelines, security tools, and threat prevention platforms. This flexibility allows teams to specify how and where to restrict risky components based on their environments and risk definitions.

Sonatype reports that its Security Research Team is actively monitoring the evolving threat landscape. The company's Open Source Malware Index for the first quarter of 2025 indicates substantial growth in data exfiltration packages over the past year. Repository Firewall is intended to address these challenges without disrupting developers.
