Phylum helps you
Uncover what's lurking in your software dependencies.
Malware. Backdoors. Cryptominers. Phylum helps developers ensure that the software they depend on is free of malicious additions.
Sign Up For Free
We mine massive datasets from across the open source ecosystem
Condense down the results - providing a simple, easy-to-understand reputation score, and a report containing any problem areas encountered
Threat and reputation
analysis
Understand where dangers in the ecosystem are - Protect software and developers from malicious packages and updates.
Technical debt
identification
Quickly identify potential problems upstream. Find abandoned or poorly-maintained packages and spot unpatched vulnerabilities that impact your products.
Take charge of your
dependencies
Understand who has the ability to commit code into your repositories through your dependencies, and what risks you are already taking.
Developer First
Phylum was built with developers in mind. We provide first class access to our API to allow you to create the tools and integrations you need.
import phylum
phylum = Phylum('your-secret-key')
# List the packages you use.
deps = { 'react': '1.0.0', 'express': '2.3.4' }
# Check these packages and their dependencies!
ret = phylum.check(deps)
Integrations
Start protecting your software dependencies with Phylum's CI/CD and IDE integrations
About us
We are an early stage startup developing DevSecOps tooling to help developers identify and mitigate risks stemming from the open source ecosystem.
Our founding team and staff is comprised of professionals with decades of collective experience from across the U.S. Intelligence Community and industry. We mine massive datasets from around the web, informing critical decisions within your software stack.
Contact us
Interested in our business or just want to say hi?
We’d love to talk to you.