Provenance-Based Risk Approach
To truly mitigate the risk of using open-source software, organizations must continuously analyze every package published into the many ecosystems, in real time and at scale. The open-source ecosystem keeps growing at an increasing rate, but how do you know which code to trust, and why?

The Phylum Risk Framework

Malicious Code
Find malware and backdoors that can compromise developers, build or production infrastructure.

Software Vulnerabilities
Identify vulnerabilities beyond curated repositories. Phylum’s ML catalogues vulnerabilities not registered in conventional databases.

Authorship Risk & Reputation
Correlate human elements of the author persona including country of origin, commit record, social networks and security posture.

License Misuse
Evaluate the commercial viability of licenses and how they change over time.

Engineering
Assess package viability by analyzing test coverage, level of maintenance, technical debt and code quality.

Understand Risk For Priority Outcomes
Set the criteria and know the risk in the context of your business objectives

Define your threat model to tune signal:noise
Customize scoring criteria to align with risk tolerance associated with your specific business needs.

Remove roadblocks to fast, secure innovation

Enforce policy

Address alert fatigue

Integrate in 60 seconds
Operate at the speed of development by integrating into your unique development process.
Stay ahead of modern attacks
Automate the entire process of identifying packages, analyzing software supply chain risks and keeping up with evolving threats.

Reduce open-source attack surface
Phylum Research Blog
Follow our blog to stay up to date on our ongoing research updates.

Hidden Dependencies Lurking in the Software Dependency Network
Part 1 in a blog series that will explore the software dependency ne...
Phylum's Monthly Malware Report: May 2022 - Precarious Payloads
To combat software supply chain attacks Phylum has been purpose-buil...
Phylum’s Monthly Malware Report: April 2022 - Malware Magnified
In 30 days Phylum has processed a total of 647,928 packages across N...
