listen.dev uses runtime analysis to detect and block suspicious dependencies and network activity in your build pipelines. Prevent supply chain attacks like SolarWinds, Codecov and event-stream before they cause harm.
Gain full, continuous observability of your supply chain within minutes. listen.dev provides deep context into your dev pipelines and assets, allowing you to enforce the right controls best suited for your environment.
Leverage the power of eBPF to profile kernel-level interactions (such as network, file access and process activity) and capture baselines at every build. Alert teams to anomalies and drift to proactively ensure build integrity and detect tampering.
Our lightweight CI agent proactively detects and blocks suspicious activity and malware at the kernel level. Lock down your build pipelines through hardening, artifact integrity, and monitoring for sensitive data leaks.
Set assurance policies across build pipelines and 3rd-party dependencies. Get alerted to suspicious activity, enforce security standards and ensure pipeline integrity.
Seamlessly integrate with your workflows using our GitHub action and app in minutes. Get alerted inside your existing dev tools through webhooks.
Get deep visibility into your open source supply chain attack surface for npm and PyPI dependencies. Detect modern supply chain risks such as typosquatting, install script execution, integrity mismatch and malware.
Use AI to contextualize and correlate risks to reduce false positives. Tailor alerts to your specific needs to act on events that are actually critical to the organization.
A discussion of NIST SP 800-204D's latest guidelines for fortifying CI/CD pipelines against modern supply chain threats....
A technical deep dive into the recent supply chain breach at Ledger and how dynamic analysis of behavior can prevent such threats ...
One of the largest threat surfaces in the open source software supply...