Welcome to the documentation page. Use this as a resource to understand key concepts and get started.
listen.dev provides transparency and control over open source software dependencies.
For developers, it provides dev-time feedback within existing workflows, enabling informed decisions on security, actionable insights for issue resolution, and increased productivity.
Security teams benefit from improved visibility and controls over third-party code behavior, streamlined operations through relevant context, and proactive protection against emerging supply chain threats.
listen.dev is a new take on application security. Unlike traditional approaches, which leave developers reactively resolving a list of noisy alerts, listen.dev surfaces only the most critical issues through observability across the development lifecycle. Enriched with relevant context, prioritization and recommendations, listen.dev insights allow developers and security teams to take control of their third-party dependencies and use open source with confidence.
listen.dev can be integrated in:
Compared with traditional dependency scanners and SCA tools, which flag known vulnerabilities through traditional analysis techniques, listen.dev takes a unique behavioural profiling approach using techniques such as eBPF-powered runtime monitoring, LLMs and metadata analysis. This mix of cutting-edge analysis techniques allows for detection of novel threats such as malicious code, install scripts, obfuscation, and zero-day vulnerabilities even before they become publicly disclosed in CVE databases.
The Supply Chain Levels for Software Artifacts (SLSA) model describes the different attack vectors involved in supply chain attacks. See our detection rules page to understand the threat coverage we provide.