Kusari Inspector

Supply chain security checks right in your PRs
77 installs

Verified

GitHub has verified the publisher's identity, ownership of their domain, and compliance with other requirements.

Pricing

Free plan available.

Kusari Inspector integrates software supply chain security analysis into your pull requests. Identify, manage, and mitigate supply chain risks early within your workflow using AI and dependency graph analysis. It detects vulnerabilities, leaked secrets, workflow issues, risky dependencies, license concerns, and other supply chain threats before code is merged.

Detailed description

Features

  • Pull Request Inspection & Analysis: Trigger comprehensive supply chain security scans on every new or updated PR
  • Instant In-PR Feedback: Clearly annotated reports in seconds right within your PRs
  • Dependency Risk Assessment: Know about risky, low-trust or vulnerable dependencies early in development
  • Understand Transitive Dependencies: Full understanding of your dependency tree to determine the likelihood of exploitation and risk
  • Intelligent Vulnerability Ranking: Factor in CVSS, EPSS and KEV to determine the criticality of the vulnerability (along with the context of where it lives in the dependency tree)
  • Actionable Insights: Clear go/no-go direction with remediation suggestions and clear steps on what needs to be done to mitigate the risk

Benefits

  • Catch insecure dependencies and risky code early, less back-and-forth with security
  • Empowered by context-rich, security-aware reviews directly in pull requests
  • Inline explanations help build secure coding habits over time
  • Know what’s safe to merge with clear guidance and fixes

Currently Supported Languages

  • Golang (Go) - go.mod, go.sum
  • Node.js (NPM) - package-lock.json, yarn.lock
  • Python (PyPI) - requirements.txt, poetry.lock, pipfile.lock
  • Java (Maven) - pom.xml, gradle.lockfile, buildscript-gradle.lockfile
  • Ruby (RubyGems) - gemfile.lock
  • Rust (Cargo) - cargo.lock

Coming Soon

  • .NET (NuGet)

Support

For support, feature requests, or feedback, contact our support team:

Fix critical issues before merging

Supported languages (8)

Shell, JavaScript, Ruby, Python, Java, Go, Rust, and TypeScript

Plans and pricing

Free for both public and private repos
$0

Kusari Inspector is provided by a third-party and is governed by separate terms of service, privacy policy, and support contact.
