Welcome! πŸ‘‹

The Phylum Platform automates software supply chain security to block new risks, prioritize existing issues and only use open-source code that you trust.

Not a user yet? Get the free version here.

Quickstart -> (set up takes less than 10 minutes)

OR install our GitHub App (a
free account is created automatically and set up takes 5 minutes)

Phylum provides a comprehensive, scalable approach to defending your software supply chain. Get started with one or all of the below capabilities.

Detect & Prevent

Analyze risks and block threats from entering source code.

Analyze Your First Project

Download and Install the Phylum CLI

The Phylum CLI is available for a variety of operating systems on
. However, you can
easily install the CLI with the following:

curl https://sh.phylum.io | sh

Install Phylum

Once installed, authenticate your local development environment by running:

phylum auth login


Setup Your Phylum Project

All analysis jobs must be associated with a Phylum project. To setup your
project, run the following:

phylum init

Create Project

Analyze your Project

To begin analyzing your project for software supply chain risks, submit your
lockfiles to Phylum.

Resource: https://blog.phylum.io/insights-and-resources/pick-a-python-lockfile-and-improve-security

phylum analyze

Analyze Project

(Optional) View Results in the Phylum UI

After submitting your project, view the results in the web

View Results

Defend Developers

(See results in less than 5 minutes)

Defend your developers and workstations from malicious code and prevent the
theft of SSH keys. Block suspect open-source containers automatically by
leveraging Phylum Bird Cage (Sandbox) and pre-install checks.

Pre-Install Checks

  • Contained in the Phylum CLI:
  • Phylum allows you to defend your developers by running pre-install checks,
    shown in the video above.
  • Safely quarantine packages during install with Phylum Sandbox
    , which will restrict
    access to the filesystem, network, and environment variables.
    • Put these tools into action by running: phylum npm install

What’s Next