Define & Enforce Software Supply Chain Policy

Experience seamless, always-on protection and policy enforcement

Book a demo

Security-as-Code Mechanism to Enforce Policy Without Disruption

Phylum’s policy engine sits directly between the open-source ecosystem and the tools developers use to build source code, in line with the package selection process.

Install

Limit Risk and Reduce Remediation

Automatically enforce software supply chain security and compliance policy directly in developers’ native work environments to block attacks and ensure only trusted code is used

Comply by Default

The Phylum platform comes equipped with a default policy that detects risks across five domains - software vulnerabilities, license misuse, OSS malware, author risk and reputation and engineering risk – and blocks attacks. The default policy also allows organizations to comply with software supply chain security regulations in NIST, ISO and more.

Customize Policy

Leveraging OPA, users with more specific requirements can easily write custom policies as needs evolve.

Open-Source Ecosystems & Data Feeds

Languages

TypeScript

JavaScript

Ruby

Python

C#

Java

Go

Rust

Package Managers

npm

JavaScript Package Manager

Maven

Apache Maven

PyPi

Python Package Index

NuGet

Microsoft NuGet

Cargo

Rust Crate Registry

RubyGems

Ruby Package System

Phylum Research

Follow our research blog to stay up to date on our latest reports and findings.

See Phylum Research

Rust Malware Staged on Crates.io

Phylum successfully identified and stopped the publication of malicious packages to the Rust ecosystem, Crates.io.

Sophisticated, Highly-Targeted Attacks Continue to Plague npm

Packages found communicating with C2 servers waiting for commands from attackers.

Targeted npm Malware steals company source code

Packages uncovered exfiltrating source code to an attacker controlled FTP server...