Create and set up a Package Firewall
Use Package Firewall to block harmful open-source packages, vulnerabilities, malware, and policy violations to stop threats before they reach your development pipelines.
Create a firewall
Create a firewall to block harmful open-source packages.
Before you begin:
- You must have a Veracode account with the Policy Administrator or Security Lead role.
To complete this task:
- Sign in to the Veracode Platform.
- Select Policies > Firewall.
- Select NEW FIREWALL.
- Add a name for the firewall, then select ADD FIREWALL.
Manage policies
Package Firewall uses a policy framework to evaluate dependencies and provide tailored results. A default set of policies applies automatically to every newly created firewall. You can customize a firewall's policy set by turning individual policies on or off in the Package Firewall interface.
Before you begin:
- You must have a Veracode account with the Policy Administrator or Security Lead role.
To complete this task:
- Sign in to the Veracode Platform.
- Select Policies > Firewall.
- Select the firewall for which you want to modify the policy.
- Navigate to the Policy tab.
- Use the toggle next to each policy to turn the policy on or off.
- To make a policy warn-only, select the checkbox next to it. When this option is selected, Package Firewall issues a warning for package versions that violate the policy but does not block them.
Manage exceptions
You can permit specific packages that violate a policy or package versions whose code analysis is incomplete.
Before you begin:
- You must have a Veracode account with the Mitigation Approver or Security Lead role.
To complete this task:
- Sign in to the Veracode Platform.
- Select Policies > Firewall.
- Select the firewall for which you want to manage exceptions.
- Navigate to the Exceptions tab.
- To allow incomplete package versions, select ALLOW INCOMPLETE. In the pop-up that appears, select Allow all to allow every incomplete package, or select Specific package version and complete the required fields to allow a single version. Select Submit.
- To allow a package that violates the policy, select GRANT EXCEPTION. In the pop-up that appears, complete the required fields and select Submit.
Review firewall activity
Use the Activity tab to view a summary of recent firewall traffic. To review the analysis results for a specific package version requested through the firewall, select the package name from the dropdown list. The results for that package appear after you make a selection and show why the package version failed analysis and was blocked by the firewall.
A package version can fail analysis for one of the following reasons:
- It violates one or more policies. The violated policies are listed in the results.
- Its analysis is incomplete, and the firewall isn’t configured to accept incomplete packages. This happens when the analysis of the package version hasn’t finished yet and the firewall policy specifies that incomplete packages shouldn’t be accepted.
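The policy toggles, warn-only option and exceptions described in the Manage policies and Manage exceptions sections combine into the block reasons listed above. The following added example (not Veracode's code) models those decision rules so you can reason about what a given firewall configuration will do to a package version; the policy names, package names and the `evaluate` function are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed model of the Package Firewall decision rules described on this page
# (not Veracode code): each policy is "on", "warn" (warn-only) or "off"; an
# incomplete package version is blocked unless incomplete packages are allowed,
# either all of them or that specific version; a granted exception permits a
# package version that violates a policy.

@dataclass
class Firewall:
    policies: dict                                       # policy name -> "on" | "warn" | "off"
    allow_all_incomplete: bool = False
    allowed_incomplete: set = field(default_factory=set)  # {(name, version)}
    exceptions: set = field(default_factory=set)          # {(name, version, policy)}

@dataclass
class PackageVersion:
    name: str
    version: str
    analysis_complete: bool
    violations: tuple = ()                               # policies this version violates

def evaluate(fw: Firewall, pkg: PackageVersion) -> tuple:
    """Return (decision, reasons); decision is 'allow', 'warn' or 'block'."""
    key = (pkg.name, pkg.version)
    reasons = []
    if not pkg.analysis_complete:
        if not (fw.allow_all_incomplete or key in fw.allowed_incomplete):
            return "block", ["analysis incomplete and incomplete packages are not accepted"]
        reasons.append("analysis incomplete but allowed")
    decision = "allow"
    for policy in pkg.violations:
        mode = fw.policies.get(policy, "off")
        if mode == "off":
            continue                                     # policy turned off: ignored
        if key + (policy,) in fw.exceptions:
            reasons.append(f"violates {policy}; exception granted")
            continue
        if mode == "warn":
            reasons.append(f"violates {policy}; warn-only")
            decision = "warn" if decision == "allow" else decision
        else:
            reasons.append(f"violates {policy}")
            decision = "block"                           # any enforced violation blocks
    return decision, reasons

# Constructed sample firewall: malware policy enforced, license policy warn-only,
# typosquat policy off, one incomplete version allowed, one exception granted.
SAMPLE_FW = Firewall(
    policies={"malware": "on", "license": "warn", "typosquat": "off"},
    allowed_incomplete={("acme-utils", "2.0.0")},
    exceptions={("acme-utils", "1.2.0", "malware")},
)
```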
Before you begin:
- You must have a Veracode account with the Administrator, Reviewer, Submitter, Mitigation Approver, Policy Administrator, or Security Lead role for Package Firewall.
To complete this task:
- Sign in to the Veracode Platform.
- Select Policies > Firewall.
- Select the firewall you want to monitor.
- To view the analysis overview, navigate to the Activity tab.
View package downloads
View a list of downloaded packages.
Before you begin:
- You must have a Veracode account with the Administrator, Reviewer, Submitter, Mitigation Approver, Policy Administrator, or Security Lead role for Package Firewall.
To complete this task:
- Sign in to the Veracode Platform.
- Select Policies > Firewall.
- Select the firewall for which you want to view package downloads.
- To view download activity, navigate to the Downloads tab.
Remove a firewall
You can remove a firewall if you no longer need it to scan your open-source packages.
Before you begin:
- You must have a Veracode account with the Policy Administrator or Security Lead role.
To complete this task:
- Sign in to the Veracode Platform.
- Select Policies > Firewall.
- Navigate to the firewall you want to remove, then select the DELETE button.
- A pop-up appears with a warning. Select DELETE.