Detect malicious activity, tampering and exfiltration in your dependencies and build processes. Protect your applications, data and assets from breaches—in time.
Detect malicious packages from npm and PyPI to prevent attacks like event-stream, PyTorch and Ledger. In-depth SCA provides visibility into risks including typosquatting, install-script execution, namespace confusion and package takeover.
Detect tampering and sensitive data exfiltration to prevent attacks like SolarWinds and Codecov. listen.dev monitors the runtime behaviour of every build and lets you see and filter network traffic using allowlists.
Get alerted to scenarios such as dependency code reading sensitive assets (e.g. environment variables, access tokens) or making outbound network connections outside the allowlist. Apply policies to dependency risks and network controls during CI builds.
Comply with industry standards and frameworks such as NIST SP 800-204D, FedRAMP and SBOM requirements.
Profile kernel-level interactions (such as network, file access and process activity) and capture a behavioural baseline for each build. Monitor for anomalies such as network connections outside the allowlist or connections a previous build never made.
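The two controls described above, an egress allowlist and a comparison against a prior build's baseline, reduce to a policy check over the events a syscall tracer records during a build. The following is an added illustration written for this page, not listen.dev's own code, and it assumes a hypothetical event format (one dict per `connect` or `open` event, with the package that triggered it); the sample events, the policy and the baseline are all constructed here. It also goes slightly beyond the text by treating a raw IP literal as never matching a hostname allowlist, since that is how exfiltration to a throwaway host usually looks.

```python
"""Allowlist and baseline policy check over build runtime events (added example).

Assumed, hypothetical event format: {"kind": "connect", "pkg", "host", "port"}
or {"kind": "open", "pkg", "path"}, as a kernel-level tracer might emit per build.
"""
import fnmatch
import ipaddress

# Constructed policy: hostname globs, permitted ports and credential-bearing paths.
POLICY = {
    "allowed_hosts": ["registry.npmjs.org", "*.npmjs.org", "pypi.org",
                      "files.pythonhosted.org", "github.com", "*.github.com"],
    "allowed_ports": {443},
    "sensitive_paths": ["/home/*/.npmrc", "/home/*/.pypirc", "/home/*/.aws/*",
                        "/home/*/.ssh/*", "/proc/*/environ"],
}

# Constructed baseline from a previous, trusted build: (pkg, host, port) triples.
BASELINE = {("left-pad", "registry.npmjs.org", 443)}

# Constructed events for one CI build (hypothetical format, see docstring).
SAMPLE_EVENTS = [
    {"kind": "connect", "pkg": "left-pad", "host": "registry.npmjs.org", "port": 443},
    {"kind": "connect", "pkg": "left-pad", "host": "api.github.com", "port": 443},
    {"kind": "connect", "pkg": "evil-pkg", "host": "198.51.100.7", "port": 4444},
    {"kind": "open", "pkg": "evil-pkg", "path": "/home/runner/.npmrc"},
    {"kind": "open", "pkg": "evil-pkg", "path": "/proc/self/environ"},
    {"kind": "open", "pkg": "left-pad",
     "path": "/home/runner/work/app/node_modules/left-pad/index.js"},
]


def is_ip_literal(host):
    """True for IPv4/IPv6 literals; such hosts never satisfy a hostname allowlist."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_allowed(host, allowed_hosts):
    """Case-insensitive glob match of a hostname against the allowlist."""
    if is_ip_literal(host):
        return False
    host = host.lower().rstrip(".")
    return any(fnmatch.fnmatchcase(host, pat.lower()) for pat in allowed_hosts)


def path_sensitive(path, patterns):
    """True if the opened path matches a credential or environment pattern."""
    return any(fnmatch.fnmatchcase(path, pat) for pat in patterns)


def evaluate(events, policy, baseline):
    """Return findings in event order: allowlist violations, sensitive reads,
    and allowed-but-new connections relative to the baseline."""
    findings = []
    for ev in events:
        if ev["kind"] == "connect":
            key = (ev["pkg"], ev["host"], ev["port"])
            allowed = (host_allowed(ev["host"], policy["allowed_hosts"])
                       and ev["port"] in policy["allowed_ports"])
            if not allowed:
                findings.append({"severity": "critical", "rule": "egress-outside-allowlist",
                                 "pkg": ev["pkg"], "detail": f"{ev['host']}:{ev['port']}"})
            elif key not in baseline:
                findings.append({"severity": "info", "rule": "new-vs-baseline",
                                 "pkg": ev["pkg"], "detail": f"{ev['host']}:{ev['port']}"})
        elif ev["kind"] == "open" and path_sensitive(ev["path"], policy["sensitive_paths"]):
            findings.append({"severity": "high", "rule": "sensitive-read",
                             "pkg": ev["pkg"], "detail": ev["path"]})
    return findings


def should_fail_build(findings):
    """Gate the CI job on critical/high findings; 'info' is surfaced but not blocking."""
    return any(f["severity"] in ("critical", "high") for f in findings)


if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS, POLICY, BASELINE):
        print(f"[{f['severity']}] {f['rule']}: {f['pkg']} -> {f['detail']}")
    print("fail build:", should_fail_build(evaluate(SAMPLE_EVENTS, POLICY, BASELINE)))
```

Run against the constructed events, the check blocks the build on the raw-IP connection to port 4444 and the two credential reads by `evil-pkg`, while the new but allowlisted `api.github.com` connection is reported only as a baseline deviation; the usual operational trade-off is whether such deviations also fail the build or merely require a reviewer to extend the baseline.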
Reduce false positives by surfacing only the alerts that actually matter to you. Use AI techniques such as similarity search to contextualize and correlate risks.
Unveiling the malicious npm packages published by the APT group...
A discussion of NIST SP 800-204D's latest guidelines for fortifying CI/CD pipelines against modern supply chain threats....
A technical deep dive into the recent supply chain breach at Ledger and how dynamic analysis of behavior can prevent such threats ...