Veracode Package Firewall

Modern software relies on many third-party packages, which can introduce risks such as malware injection, typosquatting attacks, and license violations. Use Veracode Package Firewall to configure your artifact repositories or package managers to block untrusted packages automatically.

Instead of connecting your system directly to the primary ecosystem registry, connect it to Package Firewall. After you review and configure your Package Firewall policy, the service automatically blocks any package or version that doesn’t comply with the defined rules and helps mitigate risks from unverified sources, known vulnerabilities, and compromised dependencies.

Package Firewall continuously ingests and processes packages across all supported ecosystems to provide near-instant analysis results. If a submitted package has not already been preprocessed, the application takes approximately 30 minutes to acquire the package and run heuristics and rules. Packages are processed concurrently, so processing one package or 100 packages generally takes the same amount of time.

Each role provides a different level of access within Package Firewall. Assign users to one of the following roles:

For a summary, see the role table.

Supported ecosystems

The following table lists the supported ecosystem registries and their corresponding custom Veracode registry URLs.

To use these artifact repositories or package managers with Package Firewall, see Connect Package Firewall to package ecosystems.

Ecosystem   Veracode registry URL
Cargo       https://cargo.firewall.veracode.com
Golang      https://golang.firewall.veracode.com
Maven       https://maven.firewall.veracode.com
NPM         https://npm.firewall.veracode.com
NuGet       https://nuget.firewall.veracode.com
PyPI        https://pypi.firewall.veracode.com
RubyGems    https://rubygems.firewall.veracode.com
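
Because the firewall only sees requests that are actually sent to it, it helps to check that client configuration does not still resolve packages from a public registry. The following is an added example, not code from Veracode or from this documentation: a Python audit of .npmrc and pip.conf contents that reports any default, scoped, or extra index that is not the firewall host over HTTPS. Only the two hosts come from the table above; the function names and the sample config contents are assumptions constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Firewall hosts from the table above.
HOSTS = {"npm": "npm.firewall.veracode.com", "pypi": "pypi.firewall.veracode.com"}

def bypasses(url, ecosystem):
    """True when a registry URL is not the firewall host over HTTPS."""
    parsed = urlparse(url.strip())
    return parsed.scheme != "https" or parsed.hostname != HOSTS[ecosystem]

def audit_npmrc(text):
    """Return (key, value) settings in .npmrc text that resolve outside the firewall."""
    findings, default_set = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # "registry" is the default; "@scope:registry" overrides it for one scope.
        if key == "registry" or key.endswith(":registry"):
            default_set |= key == "registry"
            if bypasses(value, "npm"):
                findings.append((key, value))
    if not default_set:
        findings.append(("registry", "unset"))  # npm would use its built-in default
    return findings

def audit_pip_conf(text):
    """Return (key, value) settings in pip.conf text that resolve outside the firewall."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings, index_set = [], False
    for section in parser.sections():
        for key in ("index-url", "extra-index-url"):
            # extra-index-url adds indexes next to index-url and may list several.
            for url in parser.get(section, key, fallback="").split():
                index_set |= key == "index-url"
                if bypasses(url, "pypi"):
                    findings.append((key, url))
    if not index_set:
        findings.append(("index-url", "unset"))  # pip would use its built-in default
    return findings

# Constructed sample configs, not taken from the page.
NPMRC = "registry=https://npm.firewall.veracode.com\n@internal:registry=https://registry.npmjs.org/\n"
PIP_CONF = "[global]\nindex-url = https://pypi.firewall.veracode.com\nextra-index-url = https://pypi.org/simple\n"
if __name__ == "__main__":
    print(audit_npmrc(NPMRC))
    print(audit_pip_conf(PIP_CONF))
```

The check covers configuration files only; environment variables and command-line flags can also override the registry and need the same review.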