Quarantine new policy

Quarantines new packages and versions added to a registry to enforce review and attestation

The Quarantine New policy streamlines package security by ensuring that new additions are automatically held for review and approval, minimizing the chance of vulnerabilities reaching your projects and giving you more control over what enters your development process.

The policy is designed to automatically quarantine newly added packages within your Bytesafe firewall or registry. By requiring a review and approval process before new packages become available for installation, this policy significantly improves the security and accountability of your software development process.

Use Cases and Benefits

Enabling the policy provides the following benefits:

  • Review and vet new packages before they are made available to your team
  • Minimize the risk of vulnerabilities or malicious code being introduced to your projects
  • Improve accountability by maintaining an auditable record of quarantined and released packages (package approvals and rejections)
  • Streamline your attestation process by integrating it into your Bytesafe workflow

Enabling the Quarantine New Policy

To enable the Quarantine New policy, follow these steps:

  1. Log in to your Bytesafe workspace, navigate to your firewall or registry and click on the Plugins tab.
  2. Locate the Quarantine New policy in the list of policies and toggle it on.
  3. Done! You’ve now applied the policy to your firewall or registry. Once the policy is active, every package or version newly added to the registry will be quarantined and require a review before it can be installed.

If you later disable the policy, any packages already in quarantine remain there until you release them.

Example

A developer (or CI/CD system) tries to install a new version of a dependency, 1.3.0, from the public npm registry. Because the Quarantine New policy is enabled and that version does not yet exist in the registry, it is quarantined.

This is a good way to elevate your review and attestation process: the package must be reviewed and released from quarantine before it is made available to anyone. Combined with Role Based Access Control, this further strengthens security.

flowchart LR
  C[fab:fa-npm registry.npmjs.org] --> B[/Quarantine: Dependency v.1.3.0/] --> A[Developers]
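To make the behaviour concrete, here is an added JavaScript model of the policy. It is not Bytesafe's own code: the class, its methods, the reviewer role and the package names are invented for this illustration. It walks through the scenario above: a request for a version the registry has never seen is held, a plain developer cannot release it, a reviewer can, every decision lands in an audit record, and switching the policy off leaves already-held packages in quarantine.

```javascript
// Added example, not Bytesafe's code: an in-memory model of a registry firewall
// running a "quarantine new" policy. All names below are invented for the illustration.

const UPSTREAM = 'registry.npmjs.org';

class QuarantiningRegistry {
  constructor({ quarantineNew = true } = {}) {
    this.quarantineNew = quarantineNew; // the policy toggle
    this.available = new Map();          // "name@version" -> package that may be installed
    this.quarantined = new Map();        // "name@version" -> package held for review
    this.auditLog = [];                  // every quarantine / release / reject decision
  }

  // Stand-in for fetching metadata from the upstream registry (constructed data).
  static fetchUpstream(name, version) {
    return { name, version, tarball: `https://${UPSTREAM}/${name}/-/${name}-${version}.tgz` };
  }

  // A developer or CI job asks for name@version. Versions already known to the
  // registry install as before; anything new is held while the policy is on.
  install(name, version, actor) {
    const key = `${name}@${version}`;
    if (this.available.has(key)) return { status: 'installed', key };
    if (this.quarantined.has(key)) return { status: 'quarantined', key };
    const pkg = QuarantiningRegistry.fetchUpstream(name, version);
    if (this.quarantineNew) {
      this.quarantined.set(key, pkg);
      this.auditLog.push({ action: 'quarantine', key, actor });
      return { status: 'quarantined', key };
    }
    this.available.set(key, pkg);
    return { status: 'installed', key };
  }

  // Only a reviewer may release or reject: the role check stands in for combining
  // the policy with role-based access control.
  release(key, reviewer) {
    this.requireReviewer(reviewer);
    const pkg = this.quarantined.get(key);
    if (!pkg) throw new Error(`${key} is not in quarantine`);
    this.quarantined.delete(key);
    this.available.set(key, pkg);
    this.auditLog.push({ action: 'release', key, actor: reviewer.name });
  }

  reject(key, reviewer, reason) {
    this.requireReviewer(reviewer);
    if (!this.quarantined.delete(key)) throw new Error(`${key} is not in quarantine`);
    this.auditLog.push({ action: 'reject', key, actor: reviewer.name, reason });
  }

  requireReviewer(user) {
    if (user.role !== 'reviewer') throw new Error(`${user.name} may not change quarantine state`);
  }

  // Turning the policy off stops new quarantines but leaves held packages where they are.
  setQuarantineNew(enabled) { this.quarantineNew = enabled; }
}

// The page's scenario: a CI job requests dependency@1.3.0, a version the registry lacks.
function runScenario() {
  const registry = new QuarantiningRegistry();
  const ci = { name: 'ci-bot', role: 'developer' };       // constructed identities
  const reviewer = { name: 'alice', role: 'reviewer' };

  const first = registry.install('dependency', '1.3.0', ci.name).status; // quarantined
  const again = registry.install('dependency', '1.3.0', ci.name).status; // still quarantined

  let developerRelease = 'allowed';
  try { registry.release('dependency@1.3.0', ci); } catch (e) { developerRelease = 'denied'; }

  registry.release('dependency@1.3.0', reviewer);
  const afterRelease = registry.install('dependency', '1.3.0', ci.name).status; // installed

  registry.install('other-dep', '2.0.0', ci.name);       // held under the policy
  registry.setQuarantineNew(false);                       // policy disabled afterwards
  const heldAfterDisable = registry.install('other-dep', '2.0.0', ci.name).status; // quarantined
  const newAfterDisable = registry.install('third-dep', '0.1.0', ci.name).status;  // installed

  return {
    first, again, developerRelease, afterRelease, heldAfterDisable, newAfterDisable,
    audit: registry.auditLog.map((entry) => entry.action),
  };
}
```

Run `runScenario()` under Node to see the sequence; the returned `audit` array is the auditable record the page describes, with one entry per quarantine, release or rejection and the actor who made the decision.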