Welcome! πŸ‘‹

The Phylum Platform automates software supply chain security to block new risks, prioritize existing issues and only use open-source code that you trust.

Not a user yet? Get the free version here.

Quickstart -> (set up takes less than 10 minutes)

OR install our GitHub App (a free account is created automatically and set up takes 5 minutes)

Phylum provides a comprehensive, scalable approach to defending your software supply chain. Get started with one or all of the below capabilities.

Detect & Prevent

Analyze risks and block threats from entering source code.

Analyze Your First Project

Download and Install the Phylum CLI

The Phylum CLI is available for a variety of operating systems on GitHub. However, you can easily install the CLI with the following:

curl https://sh.phylum.io | sh

Install PhylumInstall Phylum

Once installed, authenticate your local development environment by running:

phylum auth login


Create a New Phylum Project

All analysis jobs must be associated with a Phylum project. To create a project, run the following:

phylum project create <projectName>

Create ProjectCreate Project

Analyze your Project

To begin analyzing your project for software supply chain risks, submit a lockfile to Phylum.

Resource: https://blog.phylum.io/insights-and-resources/pick-a-python-lockfile-and-improve-security

phylum analyze <lockfile>

Analyze ProjectAnalyze Project

(Optional) View Results in the Phylum UI

After submitting your project, view the results in the web UI.
View ResultsView Results

Defend Developers

(See results in less than 5 minutes)

Defend your developers and workstations from malicious code and prevent the theft of SSH keys. Block suspect open-source containers automatically by leveraging Phylum Bird Cage (Sandbox) and pre-install checks.
Pre-Install ChecksPre-Install Checks

  • Contained in the Phylum CLI:
  • Phylum allows you to defend your developers by running pre-install checks, shown in the video above.
  • Safely quarantine packages during install with Phylum Sandbox (Birdcage), which will restrict access to the filesystem, network, and environment variables.
    • Put these tools into action by running: phylum npm install

What’s Next