Users can define and enforce acceptable-use policies for open-source dependencies at the point where packages enter the organization, either by selecting criteria from the Phylum policy library (specific indicators, attack types or regulatory guidelines) or by writing custom policy in Open Policy Agent (OPA).
The Phylum policy library lets users toggle blocking of critical vulnerabilities; attacks such as typosquats, obfuscated code and dependency confusion; copyleft licenses; and more.
OPA, in turn, lets customers write granular policies that fit their own needs, keyed on any attribute of the open-source package that Phylum exposes.
Phylum is designed to stay out of the developer's way. If a developer attempts to install a version of a package that violates organizational policy, Phylum substitutes a version that still satisfies the developer's stated requirements while remaining compliant. In most cases this is invisible: developers are silently steered toward safer software, and the build breaks only when no compliant version exists within the requested range.
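As an added illustration of the two behaviours described above, a policy assembled from the kinds of criteria the policy library exposes, and a resolver that substitutes a compliant version within the developer's requested range and fails only when none exists. This is example code written for this page, not Phylum's implementation and not its OPA input schema; the package index, the finding names and the pip-style requirement syntax are constructed for the example.

```python
"""Policy-gated dependency resolution (illustrative, not Phylum's code)."""
from dataclasses import dataclass

# Constructed package index: package -> version -> metadata. Not real data.
INDEX = {
    "requests-lib": {
        "2.0.0": {"license": "MIT", "findings": ["critical_vulnerability"]},
        "2.1.0": {"license": "MIT", "findings": []},
        "2.2.0": {"license": "MIT", "findings": ["obfuscated_code"]},
        "3.0.0": {"license": "MIT", "findings": []},
    },
    "left-padd": {  # hypothetical typosquat of a popular name
        "1.0.0": {"license": "MIT", "findings": ["typosquat"]},
    },
    "gplonly": {
        "1.0.0": {"license": "GPL-3.0", "findings": []},
        "1.1.0": {"license": "GPL-3.0", "findings": []},
    },
}

COPYLEFT = {"GPL-2.0", "GPL-3.0", "AGPL-3.0"}


@dataclass(frozen=True)
class Policy:
    """Mirrors the toggles described above; finding names are assumed."""
    blocked_findings: frozenset = frozenset(
        {"critical_vulnerability", "typosquat", "obfuscated_code", "dependency_confusion"})
    block_copyleft: bool = True


class PolicyViolation(Exception):
    """Raised only when every version in range is non-compliant (the 'breakage')."""
    def __init__(self, message, rejected):
        super().__init__(message)
        self.rejected = rejected  # version -> list of reasons, useful for a notification


def violations(meta, policy):
    """List the policy violations for one package version (empty list = compliant)."""
    found = [f for f in meta["findings"] if f in policy.blocked_findings]
    if policy.block_copyleft and meta["license"] in COPYLEFT:
        found.append(f"copyleft_license:{meta['license']}")
    return found


def parse_version(s):
    """Numeric dotted version -> comparable tuple, padded to three components."""
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


_OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b}


def satisfies(version, requirement):
    """Check a version against a comma-separated comparator list, e.g. '>=2.0,<3'."""
    v = parse_version(version)
    for clause in requirement.split(","):
        clause = clause.strip()
        for op in (">=", "<=", "==", ">", "<"):  # two-character operators first
            if clause.startswith(op):
                if not _OPS[op](v, parse_version(clause[len(op):].strip())):
                    return False
                break
        else:
            raise ValueError(f"unsupported requirement clause: {clause!r}")
    return True


def resolve(package, requirement, policy=Policy(), index=INDEX):
    """Return (version, substituted) for the newest compliant version in range.

    substituted is True when a newer in-range version was rejected by policy and
    an older compliant one was chosen instead. Raises PolicyViolation only when
    no compliant version exists in range.
    """
    candidates = sorted((v for v in index.get(package, {}) if satisfies(v, requirement)),
                        key=parse_version, reverse=True)
    if not candidates:
        raise LookupError(f"{package}: no version matches {requirement!r}")
    rejected = {}
    for v in candidates:
        reasons = violations(index[package][v], policy)
        if not reasons:
            return v, bool(rejected)
        rejected[v] = reasons
    raise PolicyViolation(f"{package} {requirement}: every matching version violates policy", rejected)


def blocked_reasons(package, requirement, policy=Policy(), index=INDEX):
    """Empty dict when the install can proceed; otherwise version -> reasons to report."""
    try:
        resolve(package, requirement, policy, index)
        return {}
    except PolicyViolation as exc:
        return exc.rejected


if __name__ == "__main__":
    print(resolve("requests-lib", ">=2.0.0,<3.0.0"))   # 2.2.0 rejected, 2.1.0 chosen
    print(blocked_reasons("left-padd", ">=1.0"))       # nothing compliant: report it
```

The `rejected` map carried by `PolicyViolation` is exactly the information a notification to the developer would need (which versions were considered and why each was refused), which is the point at which a human-driven exception request, rather than an automatic substitution, becomes necessary.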
Phylum is able to integrate with enterprise communication tools like Slack or Teams to notify developers of issues that cannot be automatically remedied.
The notification also carries an in-line workflow for requesting an exception to the policy when one is needed.
This results in less friction between security and engineering organizations, less time spent correcting problems for software developers, and less time spent triaging findings for security teams.