
Welcome to the documentation: your go-to resource for getting started, understanding key concepts, and general help.

What is it?

A security platform created to safeguard developers and organizations from risks originating in third-party code. It provides comprehensive visibility and proactive threat detection for malicious and vulnerable open source dependencies, empowering teams to identify and mitigate issues before they cause harm.
  • For developers, it provides real-time feedback inside existing workflows, enabling them to stay informed on security without compromising velocity.
  • For security teams, it provides contextual visibility and guardrails, allowing them to focus on critical risks and develop a proactive security posture against emerging supply chain threats.
Get protected in minutes and use open source with confidence.

Why should I care?

Novel supply chain attacks have surged by 700% across all open source ecosystems, posing a risk to critical infrastructure, sensitive user data and reputation. As attackers become more targeted and more sophisticated, even a first breach can be business-ending. The platform stands out by offering the most comprehensive behavioural coverage of unknown and known supply chain risk. Learn more about this in threat coverage.

How can I use it inside my workflows?

With a developer-first approach, our tooling plugs into existing workflows to provide in-line context and remediation guidance for detected issues across the SDLC.
Supported interfaces:
Supported languages and ecosystems: We currently support JavaScript and TypeScript through the npm package manager. Our team is expanding support to other OSS ecosystems, languages and package managers. Check out our roadmap to see what we have in the works, and get in touch if you have any specific requests or feedback.

How is it different from existing solutions?

Unlike traditional dependency scanners and SCA tools, which flag known vulnerabilities through conventional analysis approaches, the platform takes a behavioural profiling approach using a mix of techniques such as eBPF-powered runtime monitoring, LLMs, and static and metadata analysis. This layered approach allows detection of supply chain attacks that leverage malicious code, install scripts, hidden obfuscation and zero-day vulnerabilities, even before they are publicly disclosed in CVE databases.
See the FAQs for additional details and comparisons.


© 2023 Garnet Labs