Spectra Assure®

Software Supply Chain Security | Plans and Pricing

For Developers and Enterprises to Comprehensively Secure Applications Against Software Supply Chain Attacks

Securing Organizations with ReversingLabs

Community

All rights reserved ReversingLabs © 2026

100k lookups

$0 per month

For individual developers to understand OSS risks.

  • Free Community user account
  • Identify software supply chain risks in OSS packages
  • Develop secure apps with our Visual Studio Code extension
  • Check existing projects for OSS-based risks

Community+

1M lookups

$500 per month

For individual developers to automate OSS supply chain protection.

  • All capabilities of the Community Plan
  • Implement CI/CD protections with expanded lookup quota
  • Extend JFrog Artifactory to block unsafe OSS package imports
  • Restrict usage of risky OSS packages in AI-assisted workflows
  • Technical support

Essentials

Inquire for pricing

For security and development teams to protect against software supply chain attacks.

  • All capabilities of Community+ Plan
  • Protect against compromised software
  • Scan proprietary, commercial, and open-source software for malware and tampering
  • Track software evolution through risk insights and differential analysis
  • Generate xBOMs to comply with industry requirements
  • Manage a team of unlimited users with an SSO-capable Portal
  • Integrate into CI/CD pipelines
  • Scan files up to 10GB

Enterprise

Inquire for pricing

For enterprises to comprehensively secure their software supply chain end-to-end.

  • All capabilities of Essentials Plan
  • Detect vulnerabilities with reachability analysis and auto-triage
  • Detect sensitive information exposure
  • Understand if applications are properly hardened against attack
  • Gain visibility into licenses and compliance obligations
  • Natively scan LLMs, VMs, and container images
  • Scale to enterprise-wide usage
  • Integrate with ASPM tools
  • Scan large files up to 50GB
  • Premium technical support option

Securing Software with Spectra Assure

  • AdriaScan: Security assurance for customers and prospects
  • Solarwinds: Software supply chain security of large, complex software
  • Crogl: Delivering secure AI solutions
  • Money: Comprehensive security risk assessment of all new software

Compare Capabilities Across Plans

Feature | Community | Community+ | Essentials | Enterprise
Public Open-Source Software packages
First-party, proprietary software
Third-party, commercial software
Packaged software applications
Broad file type support | Only supported communities | Only supported communities
User upload limit | Unsupported | Unsupported | Up to 10GB/file | Up to 50GB/file
Advanced malware threat detection
Code tampering detection
Software behaviors identification
Reproducible build analysis
Version differential analysis
Known Vulnerability/CVE detection
Secret detection with liveness checks
Software license analysis
Application hardening analysis
Software quality (SQ) policies
Threat hunting (TH) policies
Code behavior (BH) policies
Custom YARA (YR) policies
Scanning policy configuration
Import/Export policy profiles
SAFE Level assessment
Customizable SAFE Levels
Review public OSS results
Review custom analysis results
Analysis of user uploads
Analysis of CI/CD artifacts
Analysis of remotely hosted packages
Secure analysis report sharing
Manage software approvals
Auto-approval for passing scan
Track software package versioning
Monitor software quality trends
Novel malware detection by proprietary RL engines
Known malicious OSS package detection
Automatic triage of common third-party false positives
Analyst-vetted malware detections
Known protest, advertising, and potentially unwanted component detection
Network reference threat detection
Insights into code behaviors related to malware activity
Behavior prevalence in OSS communities
Novel supply chain attack detection through differential analysis
Insights into malware detections from third-party engines
Behavior prevalence in ReversingLabs threat repository
Software installation events audit
Detection of unsafe digital signature cryptography usage
Detection of expired, revoked, malformed, and blacklisted certificate usage
Failed integrity validation checks
Full digital signature details
Detection of private keys and certificates
Detection of hardcoded web service credentials, tokens, and keys
Public secret exposure detection
Secret liveness verification
Automatic triage of commonly shared secrets
Source-code leakage detection
Debugging symbol leakage detection
Declaration of canary tokens
Known vulnerabilities from public sources (NVD, OSV, GitHub, KEV, etc.)
Proprietary vulnerability exploitation intelligence
AI-enriched vulnerability descriptions and CVSS
Automatic vulnerability triage
Vulnerability remediation guidance
SBOM generation from OSS packages
CycloneDX support
SBOM generation from compiled binaries
SPDX support
Statically-linked component identification
Component hierarchy exploration
SBOM editing and VEX declarations
ML-BOM/AI-BOM generation
AI model safety and trust
SaaSBOM generation
CBOM generation
File extraction statistics
Component age data
Software license text
CycloneDX export
SPDX export
SARIF export
Networking URIs export
PDF summary export
HTML report export
JSON report export
RL-SAFE archive export
Vulnerabilities export
VS Code IDE extension
OpenAI Custom ChatGPT
MCP Server
Claude Code Skill
GitHub Actions
JFrog Artifactory
Docker images for CI/CD scanning
Azure DevOps extension
GitLab CI/CD
Jenkins
TeamCity
Python SDK for REST API
ServiceNow® SBOM module
ASPM tools
Windows packages
Linux packages
macOS packages
AI/ML models and formats
Cryptographic algorithms, protocols, and certificates
Development plugins
Virtual machine disk images
Container images
.NET (C#, F#, VB.NET)
Node.js
PowerShell
Python
Ruby
AutoIt
C/C++
Delphi
Go
Java
JavaScript
PHP
Rust
Shell
Visual Basic
Web/SaaS Portal
REST API
API tokens | 10 | 10 | Unlimited | Unlimited
Aggregate API lookups | 100k/mo | 1M/mo | Unlimited | Unlimited
SOC2 Type II compliant
Single-user management
CLI tools
Multi-user management
Single sign-on (SSO) via SAML or OIDC
Role-based access control (RBAC)
Organization and group management
Unlimited package retention
Unlimited package rescans
Community support
Email-only support
Malware confirmation by a human expert
Standard or premium support

Frequently Asked Questions

The plans are designed as tiers—you select the one that matches your coverage and workflow requirements. If you're unsure which plan fits your use case, contact us to review your scanning requirements and deployment context.

Yes. While the contract terms are year or multi-year, you can always contact us for changes, and we can pro-rate your contract.

Each tier provides a tailored level of support. For the Essentials and Enterprise tiers a premium 24x7 support option is available.

Yes. Spectra Assure supports a wide range of options, including out-of-the-box integrations for CI/CD pipelines, artifact repositories, and ASPM platforms. Further customization is possible with APIs and an SDK.

It depends on the tier. Community and Community+ plans focus on open-source package ecosystems. Essentials and Enterprise plans cover both open-source packages and proprietary and commercial software.

Detailed documentation is available at docs.secure.software.
