Phylum Description

Phylum defends applications at the perimeter of the open-source ecosystem and the tools used to build software. Its automated analysis engine scans third-party code as soon as it’s published into the open-source ecosystem to vet software packages, identify risks, inform users and block attacks. Think of Phylum like a firewall for open-source code. Phylum can be deployed in front of artifact repository managers, integrate directly with package managers or be deployed in CI/CD pipelines. Phylum users benefit from its powerful, automated analysis engine that reports proprietary findings instead of relying on manually curated lists. Phylum uses SAST, heuristics, machine learning and artificial intelligence to detect and report zero-day findings. Users know more risks, sooner and earlier in the development lifecycle for the strongest software supply chain defense. The Phylum policy library allows users to toggle on the blocking of critical vulnerabilities, attacks like typosquats, obfuscated code and dependency confusion, copyleft licenses, and more. Additionally, the flexibility of OPA enables customers to develop incredibly flexible and granular policies that fit their unique needs.

Phylum Alternatives
Revenera SCA Reviews
Revenera SCA
Take control of your open-source software management. Your organization can manage open source software (OSS), and third-party components. FlexNet Code Insight assists development, legal, and security teams to reduce open-source security risk and ensure license compliance using an end-to-end solution. FlexNet Code Insight provides a single integrated solution to open source license compliance. Identify vulnerabilities and mitigate them while you are developing your products and throughout their lifecycle. You can manage open source license compliance, automate your processes, and create an OSS strategy that balances risk management and business benefits. Integrate with CI/CD, SCM tools, and build tools. Or create your own integrations with the FlexNet CodeInsight REST API framework. This will make code scanning simple and efficient.
Learn more
Mend.io Reviews
Mend.io
(1 Rating)
Mend.io’s enterprise suite of app security tools, trusted by leading companies such as IBM, Google and Capital One, is designed to help build and manage an mature, proactive AppSec programme. Mend.io is aware of the AppSec needs of both developers and security teams. Mend.io, unlike other AppSec tools that force everyone to use a unified tool, helps them work together by giving them different, but complementary tools - enabling each team to stop chasing vulnerability and start proactively management application risk.
Learn more
Kiuwan Code Security Reviews
Kiuwan Code Security
(11 Ratings)
Security Solutions for Your DevOps Process Automate scanning your code to find and fix vulnerabilities. Kiuwan Code Security is compliant with the strictest security standards, such OWASP or CWE. It integrates with top DevOps tools and covers all important languages. Static application security testing and source analysis are both effective, and affordable solutions for all sizes of teams. Kiuwan provides a wide range of essential functionality that can be integrated into your internal development infrastructure. Quick vulnerability detection: Simple and quick setup. You can scan your area and receive results in minutes. DevOps Approach to Code Security: Integrate Kiuwan into your Ci/CD/DevOps Pipeline to automate your security process. Flexible Licensing Options. There are many options. One-time scans and continuous scanning. Kiuwan also offers On-Premise or Saas models.
Learn more
GitGuardian Reviews
GitGuardian
(32 Ratings)
GitGuardian is a global cybersecurity startup focusing on code security solutions for the DevOps generation. A leader in the market of secrets detection and remediation, its solutions are already used by hundred thousands developers in all industries. GitGuardian helps developers, cloud operation, security and compliance professionals secure software development, define and enforce policies consistently and globally across all their systems. GitGuardian solutions monitor public and private repositories in real-time, detect secrets and alert to allow investigation and quick remediation.
Learn more

Pricing

Free Trial:
Yes

Integrations

API:
Yes, Phylum has an API
View Integrations

Reviews

Total
ease
features
design
support

No User Reviews. Be the first to provide a review:

Write a Review

Company Details

Company:
Phylum
Year Founded:
2020
Headquarters:
United States
Website:
phylum.io
Update This Listing

Media

Phylum Screenshot 1
Phylum Screenshot 1 Phylum Screenshot 2 Phylum Screenshot 3 Phylum Screenshot 4 Phylum Screenshot 5 Phylum Screenshot 6
Recommended Products
Multi-Tenant Analytics Software Built for Development Teams Icon
Multi-Tenant Analytics Software Built for Development Teams

Qrvey is the only solution for embedded analytics with a built-in data lake.

Qrvey saves engineering teams time and money with a turnkey solution connecting your data warehouse to your SaaS application.
Try Developer Playground

Product Details

Platforms
SaaS
Windows
Mac
Linux
On-Premises
Type of Training
Documentation
Live Online
Videos
Customer Support
Online

Phylum Features and Options

Application Security Software

Analytics / Reporting
Open Source Component Monitoring
Source Code Analysis
Third-Party Tools Integration
Training Resources
Vulnerability Detection
Vulnerability Remediation

DevOps Software

Approval Workflow
Dashboard
KPIs
Policy Management
Portfolio Management
Prioritization
Release Management
Timeline Management
Troubleshooting Reports

Phylum Lists

Phylum User Reviews

Write a Review
  • Previous
  • Next