Phylum helps you

Uncover what's lurking in your software dependencies.

Malware. Backdoors. Cryptominers. Phylum helps developers ensure that the software they depend on is free of malicious additions.

Sign Up For Free
What we do

We mine massive datasets from across the open source ecosystem

Condense down the results - providing a simple, easy-to-understand reputation score, and a report containing any problem areas encountered

Understand open source ecosystem threats

Threat and reputation
analysis

Understand where dangers in the ecosystem are - Protect software and developers from malicious packages and updates.

Identify technical debt

Technical debt
identification

Quickly identify potential problems upstream. Find abandoned or poorly-maintained packages and spot unpatched vulnerabilities that impact your products.

Understand your dependency graph

Take charge of your
dependencies

Understand who has the ability to commit code into your repositories through your dependencies, and what risks you are already taking.

Developer First

Phylum was built with developers in mind. We provide first class access to our API to allow you to create the tools and integrations you need.

import phylum
phylum = Phylum('your-secret-key')

# List the packages you use.
deps = { 'react': '1.0.0', 'express': '2.3.4' }

# Check these packages and their dependencies!
ret = phylum.check(deps)

Integrations

Start protecting your software dependencies with Phylum's CI/CD and IDE integrations

About us

We are an early stage startup developing DevSecOps tooling to help developers identify and mitigate risks stemming from the open source ecosystem.

Our founding team and staff is comprised of professionals with decades of collective experience from across the U.S. Intelligence Community and industry. We mine massive datasets from around the web, informing critical decisions within your software stack.

Contact us

Interested in our business or just want to say hi?
We’d love to talk to you.