Evaluate the risk of all your open source dependencies, and keep malicious, deprecated and risky dependencies out of your code.
Consider vulnerabilities, but also surface other forms of risk, including abandoned packages, single-maintainer packages and malicious packages.
Create and implement custom policies that flag and/or block open source packages with low trust scores and known CVEs. Surface these risks to developers as part of their existing workflows and tools, and guide them to safer open source alternatives.
Obtain license information for open source packages, know permissiveness levels, and verify that your repositories have the correct license files.
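The policy idea described above (block on known CVEs or low trust, flag single-maintainer or abandoned packages, check license permissiveness) as a small worked example. This is added illustrative code, not the product's own engine or API: the `Package` fields, the trust score scale, the policy thresholds, the SPDX allow-list and the sample package records are all constructed for the example, and the CVE identifier is a labelled placeholder.

```python
"""Hypothetical dependency-policy evaluator (example code, not any vendor's implementation)."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Package:
    """Risk metadata for one resolved dependency (fields are assumptions for this example)."""
    name: str
    version: str
    trust_score: float   # hypothetical 0.0-1.0 score from a risk feed
    cves: tuple          # known CVE ids affecting this version
    maintainers: int     # number of active maintainers
    last_release: date   # date of the most recent release
    license: str         # SPDX license identifier


@dataclass(frozen=True)
class Policy:
    """Custom policy thresholds; defaults are illustrative, tune per organisation."""
    min_trust_score: float = 0.6
    block_known_cves: bool = True
    abandoned_after_days: int = 730
    flag_single_maintainer: bool = True
    allowed_licenses: frozenset = frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"})


def evaluate(pkg: Package, policy: Policy, today: date) -> dict:
    """Return {'package', 'action', 'reasons'}; 'block' beats 'flag' beats 'allow'."""
    blocks, flags = [], []
    # Hard-stop conditions: known vulnerabilities, low trust, disallowed license.
    if policy.block_known_cves and pkg.cves:
        blocks.append(f"known vulnerabilities: {', '.join(pkg.cves)}")
    if pkg.trust_score < policy.min_trust_score:
        blocks.append(f"trust score {pkg.trust_score:.2f} below {policy.min_trust_score:.2f}")
    if pkg.license not in policy.allowed_licenses:
        blocks.append(f"license {pkg.license} not in allow-list")
    # Soft conditions: surface to the developer but do not stop the build.
    if policy.flag_single_maintainer and pkg.maintainers <= 1:
        flags.append("single maintainer (bus-factor risk)")
    age_days = (today - pkg.last_release).days
    if age_days > policy.abandoned_after_days:
        flags.append(f"no release for {age_days} days (possibly abandoned)")
    action = "block" if blocks else ("flag" if flags else "allow")
    return {"package": f"{pkg.name}@{pkg.version}", "action": action, "reasons": blocks + flags}


def evaluate_all(packages, policy: Policy, today: date) -> dict:
    """Evaluate every package; keyed by name@version for easy lookup in CI output."""
    return {r["package"]: r for r in (evaluate(p, policy, today) for p in packages)}


# Constructed sample inventory (names, scores and dates are made up for this example).
TODAY = date(2024, 6, 1)
SAMPLE_PACKAGES = (
    Package("alpha-utils", "1.2.0", 0.92, (), 4, date(2024, 3, 1), "MIT"),
    Package("beta-parser", "0.4.1", 0.31, ("CVE-PLACEHOLDER-0001",), 2, date(2024, 1, 10), "Apache-2.0"),
    Package("gamma-crypto", "2.0.0", 0.80, (), 1, date(2021, 1, 15), "BSD-3-Clause"),
    Package("delta-cli", "3.1.0", 0.75, (), 3, date(2024, 5, 20), "SSPL-1.0"),
)

if __name__ == "__main__":
    for result in evaluate_all(SAMPLE_PACKAGES, Policy(), TODAY).values():
        print(f"{result['action'].upper():5} {result['package']}: {'; '.join(result['reasons']) or 'ok'}")
```

Run in a CI step, the "block" results fail the build while "flag" results are printed for the developer to review, which mirrors the flag-or-block split the policy text describes.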