Welcome! πŸ‘‹

The Phylum Platform automates software supply chain security to block new risks, prioritize existing issues and only use open-source code that you trust.


Not a user yet? Get the free version here.

Quickstart -> (set up takes less than 10 minutes)

OR install our GitHub App (a
free account is created automatically and set up takes 5 minutes)


Phylum provides a comprehensive, scalable approach to defending your software supply chain. Get started with one or all of the below capabilities.

Detect & Prevent

Analyze risks and block threats from entering source code.

Analyze Your First Project

Download and Install the Phylum CLI

The Phylum CLI is available for a variety of operating systems on
GitHub
. However, you can
easily install the CLI with the following:

curl https://sh.phylum.io | sh

Install Phylum

Once installed, authenticate your local development environment by running:

phylum auth login

Login

Setup Your Phylum Project

All analysis jobs must be associated with a Phylum project. To setup your
project, run the following:

phylum init

Create Project

Analyze your Project

To begin analyzing your project for software supply chain risks, submit your
lockfiles to Phylum.

Resource: https://blog.phylum.io/insights-and-resources/pick-a-python-lockfile-and-improve-security

phylum analyze

Analyze Project

(Optional) View Results in the Phylum UI

After submitting your project, view the results in the web
UI
.

View Results

Defend Developers

(See results in less than 5 minutes)

Defend your developers and workstations from malicious code and prevent the
theft of SSH keys. Block suspect open-source containers automatically by
leveraging Phylum Bird Cage (Sandbox) and pre-install checks.

Pre-Install Checks

  • Contained in the Phylum CLI:
  • Phylum allows you to defend your developers by running pre-install checks,
    shown in the video above.
  • Safely quarantine packages during install with Phylum Sandbox
    (Birdcage)
    , which will restrict
    access to the filesystem, network, and environment variables.
    • Put these tools into action by running: phylum npm install

What’s Next