The global brain, inside your perimeter.
Run the firewall anywhere — hosted, self-hosted, or behind your own private upstream. The teams with the highest supply-chain risk — defense, finance, critical infrastructure — often can't send a dependency graph to a SaaS at all. Today that leaves a blind self-hosted firewall or nothing. Upwarden gives you self-hosted local detection and private upstream routing today, with fully air-gapped operation — the offline global threat-intel feed, air-gap without going blind — on the roadmap.
Air-gap without going blind
A blind self-hosted firewall only knows what its own installs have happened to see. Our global threat-intelligence pool is derived from scanning the entire public-registry surface — so the firewall in your air gap can be fed by intelligence far broader than its own traffic, while nothing about your dependencies ever leaves.
- Local detection today. At verdict time the engine runs behavioral signals, JVM bytecode analysis, typosquat and dependency-confusion checks locally — with no public egress when the scanner is self-hosted.
- Zero telemetry. No package names, machine identifiers or org names leave your network. It's a core design principle, not a setting.
- The global brain, one-way roadmap A signed, one-way feed of public-registry threat intelligence — so an isolated deployment isn't limited to only what its own engine has scanned.
- Verifiable isolation. The one-way property is something your security team can audit in network policy — intelligence flows in; nothing tenant-specific flows out.
Two egress surfaces, not one
Upwarden is a package-proxy firewall, so isolation has two independent egress surfaces. You can close each one to the level your environment requires.
1 · Package axis
The fetch path — where packages come from.
Private upstream routing available — point each ecosystem at your own mirror or private registry, with multiple auth modes. npm can be fully replaced today.
Full mirror-only / zero package egress planned — a mirror-only mode that closes the fetch path across every ecosystem. Today the non-npm bootstrap paths — NuGet, crates, RubyGems and Go — can still reach public registries.
2 · Threat axis
The intel path — what the firewall knows.
Local detection available — at verdict time the engine runs behavioral signals across every ecosystem, JVM bytecode and divergence analysis, typosquat, dependency-confusion and install-hook denylist checks — with no public egress when the scanner is self-hosted.
Air-gapped intel freshness planned — the CVE/OSV/GHSA blocklist and reputation data still refresh from the internet on a schedule today, so an air-gapped install would run stale intel. Offline, signed intel bundles are the planned fix.
Why the global pool is safe to ship one-way. The pool is derived only from our own first-party scanning of public registries — never from any customer's data. Because no customer ever contributed to it, there is nothing to leak, so it can flow into a third party's air-gapped network with no data-sharing concern. The feed carries only that global layer; everything tenant-scoped — your audit log, policy and configuration — stays inside your perimeter. When the feed ships, an isolated install is planned to surface how current its intelligence is, with offline, signed entitlement tokens — no phone-home.
Four deployment models, one firewall
The product and its verdicts are identical across all four — only who runs it and where the data sits change. We're precise about what's available today versus on the roadmap.
Upwarden Cloud — hosted available
We run it, multi-tenant, with strict per-tenant isolation at the database row level. It runs in the EU — Frankfurt (europe-west3): both the cluster and the database where customer data lives are in the EU, so your data resides in the EU today. Upwarden sees package coordinates and the artifacts it serves — never your source.
Self-hosted available
The whole engine inside your perimeter and infrastructure, in your region, with zero telemetry — nothing about your dependencies leaves your network. You control region, zone and residency: full sovereignty. Built for sovereign and FedRAMP-targeted deployment.
Isolated & air-gapped
Self-hosted local detection and private upstream routing — available today, with zero telemetry. Full zero-egress operation across every ecosystem, and the offline global threat-intel feed — zero-egress intel plus the global brain, air-gap without going blind — are roadmap: the piece that makes an isolated deployment more than blind.
Per-region roadmap
Hosted, but you pick which region your customer data sits in, while the threat system — which holds zero customer data — is shared across all regions. The per-region residency choice is on the roadmap; today, Upwarden Cloud is EU-hosted in Frankfurt.
On maturity, in plain terms. Self-hosted local detection and private upstream routing are available today — alongside zero telemetry, full sovereignty and EU-hosted Upwarden Cloud. The offline global threat-intel feed — zero-egress intel plus the global brain, air-gap without going blind — together with full mirror-only operation and the per-region residency choice, is on the roadmap, marked accordingly above. Tell us your environment in a demo and we'll be precise about what's available now versus on the way.
Talk to us about an isolated deployment
Air-gapped, regulated, sovereign or government — tell us about your environment and we'll map Upwarden to it, and be precise about what's available today versus on the roadmap.