Typosquatting attacks, Malicious takeovers, ATO attacks, Makefile pollution, Bitcoin mining, Accidental injections, Botnet code injections, Environment and credential stealing, Viruses, Package tampering, Brandjacking, Dependency confusion
Mend Supply Chain Defender helps protect enterprises against software supply chain attacks. It detects and blocks malicious open source packages before your developer can download them — and before they can pollute your codebase with malicious activity. Mend Supply Chain Defender has already detected and reported thousands of malicious packages that were swiftly removed from their registries, to protect open source users from accidentally installing malicious code.
Mend Supply Chain Defender can be deployed by individual developers via a plugin to their package managers. Alternatively, enterprises using JFrog Artifactory and Mend SCA Enterprise can activate Mend Supply Chain Defender in a centralized fashion to protect all projects linked to their JFrog Artifactory registries.
If you are using Mend SCA Enterprise and JFrog Artifactory, you can automatically prevent malicious software packages from entering your codebase. One simple plugin integration protects all projects from supply chain attacks.
Mend Supply Chain Defender enables you to define policies to allow or block package downloads, based on your organization’s specific needs and processes.
Require packages to be approved by lead developers.
Build rules around packages and their versioning.
Control usage of libraries with licenses that are problematic to your organization.