Malicious package publication is a growing threat — and they could already be in your applications.

Read the report

Mend Supply Chain Defender

Mitigate Open Source Supply Chain Risks

Prevent malicious open source software from entering your code base.

Protect Yourself Against:

Typosquatting attacks, Malicious takeovers, ATO attacks, Makefile pollution, Bitcoin mining, Accidental injections, Botnet code injections, Environment and credential stealing, Viruses, Package tampering, Brandjacking, Dependency confusion

Over 92M

SECURED PACKAGES CHECKS

Over 700K

PACKAGES SCANNED

Over 4500

MALICIOUS PACKAGES DETECTED

Over 5000

REVIEWS PERFORMED

How It Works

Mend Supply Chain Defender helps protect enterprises against software supply chain attacks. It detects and blocks malicious open source packages before your developer can download them — and before they can pollute your codebase with malicious activity. Mend Supply Chain Defender has already detected and reported thousands of malicious packages that were swiftly removed from their registries, to protect open source users from accidentally installing malicious code.

Mend Supply Chain Defender can be deployed by individual developers via a plugin to their package managers. Alternatively, enterprises using JFrog Artifactory and Mend SCA Enterprise can activate Mend Supply Chain Defender in a centralized fashion to protect all projects linked to their JFrog Artifactory registries.

Block malicious software
from JFrog Artifactory

If you are using Mend SCA Enterprise and JFrog Artifactory, you can automatically prevent malicious software packages from entering your codebase. One simple plugin integration protects all projects from supply chain attacks.

Control the Entire Process of
Open Source Dependency Use

Mend Supply Chain Defender enables you to define policies to allow or block package downloads, based on your organization’s specific needs and processes.

Require packages to be approved by lead developers.

Build rules around packages and their versioning.

Control usage of libraries with licenses that are problematic to your organization.

Need More Info? Read Our Docs

Mend.io (formerly WhiteSource) effortlessly secures applications without burdening the developers who create them. With over a decade of experience helping more than 1,000 organizations build next-gen AppSec programs, our technology improves security outcomes while accelerating development.

;