Website: www.phylum.io

Phylum, Inc. - Company Research Report

Company Overview

Name: Phylum, Inc.
Mission: Secure the universe of code by identifying risks in open-source software packages before they are installed, informing users, blocking attacks, and preventing software supply chain threats.
Founding Details:
  • When Founded: No information is available

  • Founders: Aaron Bray (CEO & Co-Founder), Louis Lang (CTO & Co-Founder), Pete Morgan (Co-Founder)

Key People:
  • Aaron Bray - CEO & Co-Founder

  • Louis Lang - CTO & Co-Founder

  • Pete Morgan - Co-Founder

  • Eric Freitag - Chief Software Engineer

  • Mikala Vidal - CRO

  • Brad Crawford - VP of Product

  • Ross Bryant - Head of Security Research

Headquarters: No information is available
Number of Employees: No information is available
Revenue: No information is available
Core Focus: Phylum is known for its proactive approach to software supply chain security, particularly focusing on open-source software packages. Their platform uses SAST, heuristics, and ML/AI to detect and mitigate malicious packages, software vulnerabilities, and other risks within the software development lifecycle.

Products

1. Phylum Platform

High-level Description:

Phylum's primary product is a comprehensive software supply chain security platform that analyzes and mitigates risks associated with open-source software packages. It provides real-time detection and blocking of malicious code before it can affect a system.

Key Features:

  • Proprietary Analysis Engine: Uses static application security testing (SAST), heuristics, and ML/AI to detect zero-day vulnerabilities.

  • Risk Coverage: Identifies risks including malicious code, author reputation, engineering risk, abandoned packages, license issues, and software vulnerabilities.

  • Customizable Policies: Organizations can set flexible policies to map risks to their specific threat models.

  • Historical Package Lookup: Enables users to investigate historical packages, even those removed from repositories.

  • Continuous Monitoring: Provides alerts for new issues or changes in package behavior.


2. Phylum Threat Feed

High-level Description:

A real-time API of software supply chain attacks that provides high-fidelity threat data for organizations to enrich their security posture and analytics tools.

Key Features:

  • Risk Reporting: Includes details on malware, credential stealers, typosquatting, backdoors, and nation-state attacks.

  • JSON API: Supplies actionable threat data that can be integrated with other security products.

  • In-depth Monitoring: Covers multiple open-source ecosystems including npm, PyPI, RubyGems, Crates.io, NuGet, Maven Central, and Golang.


3. SBOM Generation and Ingestion

High-level Description:

Phylum offers a suite of capabilities for generating and ingesting SBOMs (Software Bill of Materials) to enhance internal software value chain observability and manage third-party application risks.

Key Features:

  • Policy Framework: Define policies to ensure compliance with internal and regulatory requirements.

  • Stakeholder Onboarding: Facilitates stakeholder integration for comprehensive risk management.

  • Continuous Monitoring: Automated monitoring and alerting for new risks or issues related to ingested SBOMs.


Recent Developments

Recent Developments:

  • Rust Malware Detection: Phylum identified and stopped malicious packages targeting the Rust ecosystem.

  • npm Attack Mitigation: Ongoing efforts to thwart highly targeted attacks on the npm ecosystem, including uncovering packages that communicate with command-and-control servers.

  • Supply Chain Attacks: Identified multiple sophisticated malware campaigns designed to steal company source code and sensitive information from developers.


New Products Launched:

  • Phylum Threat Feed: Provides a curated view of software supply chain attacks and malicious packages within open-source ecosystems.


New Features Added:

  • Enhanced Policy Customization: New capabilities for users to create highly granular policies tailored to specific organizational needs and regulatory requirements.

  • Historical Package Lookup: Allows users to query historical data for incident response and policy adherence.

  • SBOM Integration and Monitoring: Extended support for generating and ingesting various SBOM formats like SPDX and CycloneDX to provide actionable risk insights.


Partnerships:

  • AWS Marketplace: Available on AWS Marketplace, strengthening integrations with other cloud-based solutions to enhance software supply chain security.


This report synthesizes key data about Phylum, Inc. to provide a comprehensive overview of the company's positioning, products, and recent advancements in the field of software supply chain security.