Welcome!
The Phylum Platform automates software supply chain security to block new risks, prioritize existing issues and only use open-source code that you trust.
Not a user yet? Get the free version here.
Quickstart -> (setup takes less than 10 minutes)
OR install our GitHub App (a free account is created automatically and setup takes 5 minutes)
Phylum provides a comprehensive, scalable approach to defending your software supply chain. Get started with one or all of the below capabilities.
Detect & Prevent
Analyze risks and block threats from entering source code.
Analyze Your First Project
Download and Install the Phylum CLI
The Phylum CLI is available for a variety of operating systems on GitHub. However, you can easily install the CLI with the following:
curl https://sh.phylum.io | sh
Once installed, authenticate your local development environment by running:
phylum auth login
Set Up Your Phylum Project
All analysis jobs must be associated with a Phylum project. To set up your project, run the following:
phylum init
Analyze your Project
To begin analyzing your project for software supply chain risks, submit your dependency files to Phylum.
Resource: Blog - Python lockfiles
phylum analyze
(Optional) View Results in the Phylum UI
After submitting your project, view the results in the web UI.
Defend Developers
See results in less than 5 minutes
Defend your developers and workstations from malicious code and prevent the theft of SSH keys. Block suspect open-source containers automatically by leveraging Phylum Bird Cage (Sandbox) and pre-install checks.
Contained in the Phylum CLI:
- Phylum allows you to defend your developers by running pre-install checks, shown in the video above
- Safely quarantine packages during install with Phylum Sandbox (Birdcage), which restricts access to the filesystem, network, and environment variables
- Put these tools into action by running:
phylum npm install