Skip to main content

Welcome! ๐Ÿ‘‹

The Phylum Platform automates software supply chain security to block new risks, prioritize existing issues and only use open-source code that you trustโ€‹


Not a user yet? Get the free version here.

Quickstart -> (set up takes less than 10 minutes)

OR install our GitHub App (a free account is created automatically and set up takes 5 minutes)


Phylum provides a comprehensive, scalable approach to defending your software supply chain. Get started with one or all of the below capabilities.

Detect & Preventโ€‹

Analyze risks and block threats from entering source code.

Analyze Your First Projectโ€‹

Download and Install the Phylum CLIโ€‹

The Phylum CLI is available for a variety of operating systems on GitHub. However, you can easily install the CLI with the following:

curl https://sh.phylum.io | sh

Install Phylum

Once installed, authenticate your local development environment by running:

phylum auth login

Login

Setup Your Phylum Projectโ€‹

All analysis jobs must be associated with a Phylum project. To setup your project, run the following:

phylum init

Create Project

Analyze your Projectโ€‹

To begin analyzing your project for software supply chain risks, submit your dependency files to Phylum.

Resource: Blog - Python lockfiles

phylum analyze

Analyze Project

(Optional) View Results in the Phylum UIโ€‹

After submitting your project, view the results in the web UI.

View Results

Defend Developersโ€‹

See results in less than 5 minutesโ€‹

Defend your developers and workstations from malicious code and prevent the theft of SSH keys. Block suspect open-source containers automatically by leveraging Phylum Bird Cage (Sandbox) and pre-install checks.

Pre-Install Checks

Contained in the Phylum CLI:

  • Phylum allows you to defend your developers by running pre-install checks, shown in the video above
  • Safely quarantine packages during install with Phylum Sandbox (Birdcage), which will restrict access to the filesystem, network, and environment variables
    • Put these tools into action by running: phylum npm install