Phylum provides powerful, automated software supply chain risk analysis that protects organizations, defends developers and enables secure innovation. We analyze open-source packages immediately upon publication to identify risk, and enable policy-driven automation for managing that risk. Phylum currently supports Javascript, Typescript, Python, Ruby, Java, .NET, Go and Rust with more languages coming soon. Phylum integrates seamlessly into CI/CD systems like GitHub, GitLab, and more similar to legacy SCA tools, but results in complete supply chain coverage allowing the proactive blocking of dangerous or illegitimate open source packages. In 2022, Phylum's analysis of open-source packages identified thousands of new malicious packages, malicious authors, and supply chain risks that culminated in a massive improvement to open-source software and the first inaugural BlackHat Innovation Spotlight award.
ISMG’s 30 global media properties provide security professionals with industry and geo-specific news, research and educational events.
April 25, 2023 | 05:30 - 08:00 pm PDT
Software Supply Chain Attack Types and How to Block Them