Phylum analyzes open-source packages as they are published to popular open-source repositories. Today we monitor npm, PyPI, NuGet, Cargo, Go, and RubyGems. In the past year we have analyzed millions of packages and hundreds of millions of files. In doing so we have identified nation-state campaigns and numerous packages that steal developer credentials.
Start automating software supply chain security to contextualize risks, block attacks, and use only the open-source software that you trust.
Our partnerships are designed to strengthen software supply chain security defenses through correlated, contextual risk analysis combined with the tools our users trust.
Stay up-to-date on sophisticated software supply chain attacks that Phylum has uncovered.