Phylum

Phylum specializes in providing a software supply chain security platform designed to automate security processes, contextualize risks, block attacks, and ensure the use of trusted open-source code. The platform offers analysis across five domains to proactively block threats before they reach a developer’s workstation and is available on AWS Marketplace. Phylum supports a variety of programming languages and package managers, including JavaScript/TypeScript via npm, Python via PyPI, Ruby via RubyGems, Java via Maven, C#/.NET via NuGet, Rust, and Go.

Phylum offers several plans tailored to different needs. The free plan is aimed at individual developers and includes features such as a single user account, support for up to 5 projects, full language coverage, risk scoring, SBOM creation, and community support. The Teams plan provides enhanced security visibility and includes up to 350 users, group accounts, unlimited projects, event logs, reporting, custom policy, and standard support. For larger organizations, the Enterprise plan offers custom solutions for 350+ users, with options for SaaS or on-premise deployment, premium support, and custom integrations. Additionally, Phylum provides a threat feed of open-source malware available as an annual subscription.

Phylum has established partnerships with major platforms and security companies such as GitHub, GitLab, Bitbucket, Azure DevOps, Dazz, Sophos, Tines, and AWS Marketplace to strengthen software supply chain security defenses. The company is driven by a mission to secure the universe of code, backed by a team of seasoned security researchers and developers with extensive experience in the U.S. Intelligence community and commercial sectors.