Organizations can leverage default policy or define custom policy, and seamlessly enforce it directly from developer workstations and CI/CD pipelines
EVERGREEN, Colo., April 18, 2023 /PRNewswire/ -- Phylum, The Software Supply Chain Security Company, today announced it has added OPA (Open Policy Agent) support and continuous reporting to its policy engine. Customers now have more flexibility when creating and enforcing custom policies, and can demonstrate compliance with key software supply chain frameworks, regulations and guidelines.
"We built Phylum's policy engine as a security-as-code mechanism to give security and risk teams more visibility into the development lifecycle and allow them to enforce security policy without disruption. Phylum is the only platform that allows organizations to automatically enforce software supply chain security and compliance policy directly in developers' native work environments to block attacks and ensure only trusted code is used," said Pete Morgan, co-founder and CSO at Phylum.
Phylum's policy engine sits directly between the open-source ecosystem and the tools developers use to build software, in line with the package selection process. It runs directly on an endpoint or plugs into CI/CD pipelines, so developers experience seamless, always-on protection and policy enforcement. Additionally, the Phylum Birdcage execution sandbox applies a zero-trust security model to the package installation process, providing defense in depth in the event that a software supply chain attack is executed at install or run time. This combination allows developers to work in their preferred environments and gives security teams assurance that only secure and compliant code is being used.
The Phylum platform comes equipped with a default policy that detects risks across five domains (software vulnerabilities, license misuse, OSS malware, author risk and reputation, and engineering risk) and blocks attacks. The default policy also allows organizations to comply with software supply chain security regulations and guidance from NIST, ISO and more. Leveraging OPA, users with more specific requirements can write custom policies as their needs evolve. Policy enforcement significantly limits risk and reduces remediation effort, while continuous reporting allows organizations to keep more thorough records and document their security posture on an ongoing basis.
The Phylum Platform is built to provide broad defense immediately upon deployment and to scale with organizations as their appsec programs mature to address the rapidly evolving software supply chain attack surface. Customers use Phylum to automate vulnerability reachability analysis, detect risks and block attacks, defend developers, define and enforce software supply chain policy, and operationalize software bills of materials (SBOMs).
Request a demo here.
About Phylum
Phylum is on a mission to secure the universe of code. Its platform automates software supply chain security to detect new risks, block attacks, prioritize existing issues and allow users to only use open-source code that they trust. The company is built by a team of career security researchers and developers with decades of experience in U.S. Intelligence Community and commercial sectors. Phylum is the winner of the Black Hat 2022 Innovation Spotlight Competition and was named a Top Infosec Innovator by Cyber Defense Magazine. Learn more at https://phylum.io, read The Phylum Research Blog, and follow us on LinkedIn, Twitter and YouTube.
Media contact: [email protected]
SOURCE Phylum