Typosquatting attacks, malicious takeovers, ATO attacks, Makefile pollution, Bitcoin mining, accidental injections, botnet code injections, environment and credential stealing, viruses, package tampering, brandjacking, dependency confusion
Mend Supply Chain Defender can be deployed by individual developers via a plugin to their package managers. Alternatively, enterprises using JFrog Artifactory and Mend SCA Enterprise can activate Mend Supply Chain Defender in a centralized fashion to protect all projects linked to their JFrog Artifactory registries.
If you are using Mend SCA Enterprise and JFrog Artifactory, you can automatically prevent malicious software packages from entering your codebase. One simple plugin integration protects all projects from supply chain attacks.
Mend Supply Chain Defender enables you to define policies to allow or block package downloads, based on your organization’s specific needs and processes.
Require packages to be approved by lead developers.
Build rules around packages and their versioning.
Control usage of libraries with licenses that are problematic to your organization.