Welcome to listen.dev documentation – your go-to resource for getting started, understanding key concepts, and general help.
listen.dev is a security platform created to safeguard developers and organizations from risks originating from third-party code. It provides comprehensive visibility and proactive threat detection for malicious and vulnerable open source dependencies, empowering teams to identify and mitigate issues before they cause harm.
- For developers, it provides real-time feedback inside existing workflows, enabling them to stay informed on security without compromising on velocity.
- For security, it provides contextual visibility and guardrails, allowing them to focus on critical risks and develop a proactive security posture against emerging supply chain threats.
Novel supply chain attacks have surged by 700% across all open source ecosystems, posing a risk to critical infrastructure, sensitive user data and reputation. As attackers become more targeted and more sophisticated, even the first breach can be business-ending. listen.dev stands out by offering the most comprehensive behavioural coverage of unknown and known supply chain risks. Learn more about this in threat coverage.
With a developer-first approach, our tooling plugs into existing workflows to provide in-line context and remediation guidance for detected issues across the SDLC.
Unlike traditional dependency scanners and SCA tools, which flag known vulnerabilities through traditional analysis approaches, listen.dev takes a unique behavioural profiling approach using a mix of techniques such as eBPF-powered runtime monitoring, LLMs, static analysis and metadata analysis. This layered approach allows for detection of supply chain attacks that leverage malicious code, install scripts, hidden obfuscation and zero-day vulnerabilities, even before they are publicly disclosed in CVE databases.