ReversingLabs introduced Spectra Assure Community, a free community resource that makes it easy for software producers to quickly vet open source software packages by providing a comprehensive risk analysis.
Leveraging RL’s Spectra Assure software supply chain security solution, Spectra Assure Community enables developers, repository managers, and engineering teams, among others, to check more than 5 million code packages from open source repositories for malicious code, code tampering, suspicious behaviors, known vulnerabilities, license compliance issues, exposed secrets, and overall package health.
Spectra Assure Community provides a free risk assessment for open source components from the most popular package repositories such as npm, PyPI, and RubyGems. It provides a comprehensive risk assessment for software packages, offering visibility into threats, security, and compliance issues.
This community resource provides these unique insights into OSS packages through:
- Comprehensive analysis: Spectra Assure’s proprietary AI-driven complex binary analysis examines each component of a software binary for malicious code, tampering, or other risks or threats.
- Advanced threat detection: RL maintains the most complete and up-to-date corpus of malware in the world, which enables unique visibility and detection of emerging threats within OSS repositories.
- Standardized security assurance: The Spectra Assure Risk Assessment is presented in a normalized format for the selected package, allowing users to make a simple comparison.
Spectra Assure Community increases build quality and security, saves time, and improves traceability to help any development organization deliver safe and on-time builds.
“We can no longer deny that software represents the largest under-addressed attack surface facing businesses today. The threats hiding among open source, proprietary, commercial and third-party code are leaving software producers and enterprise consumers at increasing risk,” said Tomislav Pericin, co-founder and chief software architect, ReversingLabs. “We are committed to helping developers make software safe for all with easily searchable, real-time threat intelligence data about software packages in open source repositories.”