Firewall Management MPI v3.2

Package firewall rules, suppression policies, alerting, and CI/CD integration

Firewall Rules 0

Block Confirmed Malware

MPI confidence ≥ 75% + active compromise → block

Quarantine New Packages

Packages less than 48 hours old → warn

Block Credential Theft

RS-001 or NS-004 signals → block

Block Install Hook Abuse

CS-002 + package < 7 days → block

Warn High PS-OSS Risk

PS-OSS score ≥ 80 → warn

Create / Edit Rule

Rule Name *

Action *

Ecosystem

Package Pattern

Pattern Type

Priority (1=highest)

Min MPI Confidence (0.0-1.0)

MPI Signals (comma-separated)

Threat Types (comma-separated)

Min PS-OSS Score (0-100)

Max Package Age (hours)

MITRE Techniques (comma-separated)

Slack Channel

Description

Name	Pattern	Type	Ecosystem	Action	Priority	Fire Count	Status	Actions
Loading firewall rules...

Suppression Rules 0

Best-Practice Suppression Templates (Not Active by Default)

These templates are recommendations. Activating one creates a disabled draft that you can review before enabling.

Template	Pattern	Reason	Status	Action
Loading suppression templates...

ID	Pattern	Reason	Suppresses	Fire Count	Source	Actions
Loading suppression rules...

Slack Alert Configuration

Use global Phoenix Security alerting configuration

Checking global configuration...

Open Global Alert Settings

Local Slack Webhook URL (Override)

Used only when global configuration is disabled for this firewall workflow.

Local Slack Channel (Override)

Alert Events

HIGH_SUSPECT AUTO_BLOCK JUDGE_OVERRIDE NEW_MALICIOUS

Alert Frequency

Immediate Hourly Daily

Enable Alerts

Total Rules

Total Fires Today

Blocked Packages

Active IOCs

Rules Fired (Last 7 Days)

Ecosystem Breakdown

Latest Malware Sightings

Package	Version	Ecosystem	Threat Type	Tags	Confirmed
Loading sightings...

GitHub Actions

Block malicious packages in your GitHub Actions CI pipeline before they reach production.

name: Phoenix Firewall Check
on: [push, pull_request]
jobs:
  firewall-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Phoenix Firewall Scan
        run: |
          curl -sSf $PHOENIX_API/firewall/scan \
            -H "Authorization: Bearer ${{ secrets.PHOENIX_TOKEN }}" \
            -d @package-lock.json
        env:
          PHOENIX_API: https://your-instance.cvedetails.io/api/v1/malware-intel

GitLab CI

Integrate Phoenix firewall checks into your GitLab CI/CD pipeline stages.

phoenix-firewall:
  stage: test
  image: curlimages/curl:latest
  script:
    - |
      curl -sSf $PHOENIX_API/firewall/scan \
        -H "Authorization: Bearer $PHOENIX_TOKEN" \
        -d @package-lock.json
  variables:
    PHOENIX_API: "https://your-instance.cvedetails.io/api/v1/malware-intel"

Jenkins

Add Phoenix firewall scanning to your Jenkins declarative or scripted pipelines.

pipeline {
  agent any
  stages {
    stage('Phoenix Firewall') {
      steps {
        withCredentials([string(
          credentialsId: 'phoenix-token',
          variable: 'TOKEN')]) {
          sh '''
            curl -sSf $PHOENIX_API/firewall/scan \
              -H "Authorization: Bearer $TOKEN" \
              -d @package-lock.json
          '''
        }
      }
    }
  }
}

Setup Instructions

Generate an API token from your User Dashboard (Pro or Enterprise tier required).
Store the token as a secret in your CI/CD platform (e.g., PHOENIX_TOKEN).
Copy the appropriate template above into your pipeline configuration.
Replace your-instance.cvedetails.io with your Phoenix Security instance URL.
The scan endpoint accepts package-lock.json, yarn.lock, requirements.txt, Gemfile.lock, go.sum, and pom.xml.
The pipeline will fail with exit code 1 if any blocked packages are detected.