Phylum
Automate software supply chain security to prevent malware, vulnerabilities, and other risks
About
Supported languages
JavaScript, Ruby, Python, Java, Go, C#, Rust, and TypeScript
From the developer
Phylum blocks software supply chain attacks. Automate software supply chain security to contextualize risks, block attacks, and use only open-source code that you trust.
Phylum monitors real-time package publications to NPM, PyPI, RubyGems, NuGet, Crates.io, and Maven. Phylum defends applications by surfacing dependency risks as PR comments and status check failures, including:
- Malware
- Typosquatting
- Dependency Confusion
- Credential Stealers
- Bad Authors
- Vulnerabilities
- And more
Proven record defending developers
Phylum analyzes millions of open-source packages yearly to identify thousands of malicious packages. The Phylum Research blog highlights the latest attack techniques and campaigns uncovered by the platform.
Phylum was named the winner of the first Black Hat Startup Spotlight Competition and named a Top Infosec Innovator by Cyber Defense Magazine. Bring this award-winning technology to your CI/CD pipeline in 60 seconds.
Join us on the Phylum Community Discord!
Pricing and setup
For individual or company accounts
Free
- Block open-source risks across five domains
- Protect against CI/CD-borne attacks
- Join the Phylum Discord community to collaborate with other developers and security professionals
Phylum is provided by a third party and is governed by its own separate privacy policy and support documentation.