Skip to main content

Welcome! ๐Ÿ‘‹

The Phylum Platform automates software supply chain security to block new risks, prioritize existing issues and only use open-source code that you trustโ€‹


๐Ÿ’ก INFO ๐Ÿ’ก

The free Community version of Phylum was sunset on 24 February 2025. Phylum is now only available for teams and Enterprise organizations. Unfortunately, this means we are no longer supporting individual licensing. We invite existing users to convert to a paid version of the product.

Not a user yet? Connect with the Veracode sales team to create an account.

Quickstart -> (set up takes less than 10 minutes)

OR install our GitHub App


Phylum provides a comprehensive, scalable approach to defending your software supply chain. Get started with one or all of the below capabilities.

Detect & Preventโ€‹

Analyze risks and block threats from entering source code.

Analyze Your First Projectโ€‹

Download and Install the Phylum CLIโ€‹

The Phylum CLI is available for a variety of operating systems on GitHub. However, you can easily install the CLI with the following:

curl https://sh.phylum.io | sh

Install Phylum

Once installed, authenticate your local development environment by running:

phylum auth login

Login

Setup Your Phylum Projectโ€‹

All analysis jobs must be associated with a Phylum project. To setup your project, run the following:

phylum init

Create Project

Analyze your Projectโ€‹

To begin analyzing your project for software supply chain risks, submit your dependency files to Phylum.

Resource: Blog - Python lockfiles

phylum analyze

Analyze Project

(Optional) View Results in the Phylum UIโ€‹

After submitting your project, view the results in the web UI.

View Results

Defend Developersโ€‹

See results in less than 5 minutesโ€‹

Defend your developers and workstations from malicious code and prevent the theft of SSH keys. Block suspect open-source containers automatically by leveraging Phylum Bird Cage (Sandbox) and pre-install checks.

Pre-Install Checks

Contained in the Phylum CLI:

  • Phylum allows you to defend your developers by running pre-install checks, shown in the video above
  • Safely quarantine packages during install with Phylum Sandbox (Birdcage), which will restrict access to the filesystem, network, and environment variables
    • Put these tools into action by running: phylum npm install