Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure
Plans (tier names as in the feature comparison table below):

- **Community**: 100k lookups, $0 per month. For individual developers to understand OSS risks.
- **Community+**: 1M lookups, $500 per month. For individual developers to automate OSS supply chain protection.
- **Essentials**: Inquire for pricing. For security and development teams to protect against software supply chain attacks.
- **Enterprise**: Inquire for pricing. For enterprises to comprehensively secure their software supply chain end-to-end.
| Feature | Community | Community+ | Essentials | Enterprise |
|---|---|---|---|---|
| Public Open-Source Software packages | ||||
| First-party, proprietary software | ||||
| Third-party, commercial software | ||||
| Packaged software applications | ||||
| Broad file type support | Only supported communities | Only supported communities | ||
| User upload limit | Unsupported | Unsupported | Up to 10GB/file | Up to 50GB/file |
| Advanced malware threat detection | ||||
| Code tampering detection | ||||
| Software behaviors identification | ||||
| Reproducible build analysis | ||||
| Version differential analysis | ||||
| Known Vulnerability/CVE detection | ||||
| Secret detection with liveness checks | ||||
| Software license analysis | ||||
| Application hardening analysis | ||||
| Software quality (SQ) policies | ||||
| Threat hunting (TH) policies | ||||
| Code behavior (BH) policies | ||||
| Custom YARA (YR) policies | ||||
| Scanning policy configuration | ||||
| Import/Export policy profiles | ||||
| SAFE Level assessment | ||||
| Customizable SAFE Levels | ||||
| Review public OSS results | ||||
| Review custom analysis results | ||||
| Analysis of user uploads | ||||
| Analysis of CI/CD artifacts | ||||
| Analysis of remotely hosted packages | ||||
| Secure analysis report sharing | ||||
| Manage software approvals | ||||
| Auto-approval for passing scan | ||||
| Track software package versioning | ||||
| Monitor software quality trends | ||||
| Novel malware detection by proprietary RL engines | ||||
| Known malicious OSS package detection | ||||
| Automatic triage of common third-party false positives | ||||
| Analyst-vetted malware detections | ||||
| Known protest, advertising, and potentially unwanted component detection | ||||
| Network reference threat detection | ||||
| Insights into code behaviors related to malware activity | ||||
| Behavior prevalence in OSS communities | ||||
| Novel supply chain attack detection through differential analysis | ||||
| Insights into malware detections from third-party engines | ||||
| Behavior prevalence in ReversingLabs threat repository | ||||
| Software installation events audit | ||||
| Detection of unsafe digital signature cryptography usage | ||||
| Detection of expired, revoked, malformed, and blacklisted certificate usage | ||||
| Failed integrity validation checks | ||||
| Full digital signature details | ||||
| Detection of private keys and certificates | ||||
| Detection of hardcoded web service credentials, tokens, and keys | ||||
| Public secret exposure detection | ||||
| Secret liveness verification | ||||
| Automatic triage of commonly shared secrets | ||||
| Source-code leakage detection | ||||
| Debugging symbol leakage detection | ||||
| Declaration of canary tokens | ||||
| Known vulnerabilities from public sources (NVD, OSV, GitHub, KEV, etc.) | ||||
| Proprietary vulnerability exploitation intelligence | ||||
| AI-enriched vulnerability descriptions and CVSS | ||||
| Automatic vulnerability triage | ||||
| Vulnerability remediation guidance | ||||
| SBOM generation from OSS packages | ||||
| CycloneDX support | ||||
| SBOM generation from compiled binaries | ||||
| SPDX support | ||||
| Statically-linked component identification | ||||
| Component hierarchy exploration | ||||
| SBOM editing and VEX declarations | ||||
| ML-BOM/AI-BOM generation | ||||
| AI model safety and trust | ||||
| SaaSBOM generation | ||||
| CBOM generation | ||||
| File extraction statistics | ||||
| Component age data | ||||
| Software license text | ||||
| CycloneDX export | ||||
| SPDX export | ||||
| SARIF export | ||||
| Networking URIs export | ||||
| PDF summary export | ||||
| HTML report export | ||||
| JSON report export | ||||
| RL-SAFE archive export | ||||
| Vulnerabilities export | ||||
| VS Code IDE extension | ||||
| OpenAI Custom ChatGPT | ||||
| MCP Server | ||||
| Claude Code Skill | ||||
| GitHub Actions | ||||
| JFrog Artifactory | ||||
| Docker images for CI/CD scanning | ||||
| Azure DevOps extension | ||||
| GitLab CI/CD | ||||
| Jenkins | ||||
| TeamCity | ||||
| Python SDK for REST API | ||||
| ServiceNow® SBOM module | ||||
| ASPM tools | ||||
| Windows packages | ||||
| Linux packages | ||||
| macOS packages | ||||
| AI/ML models and formats | ||||
| Cryptographic algorithms, protocols, and certificates | ||||
| Development plugins | ||||
| Virtual machine disk images | ||||
| Container images | ||||
| .NET (C#, F#, VB.NET) | ||||
| Node.js | ||||
| PowerShell | ||||
| Python | ||||
| Ruby | ||||
| AutoIt | ||||
| C/C++ | ||||
| Delphi | ||||
| Go | ||||
| Java | ||||
| JavaScript | ||||
| PHP | ||||
| Rust | ||||
| Shell | ||||
| Visual Basic | ||||
| Web/SaaS Portal | ||||
| REST API | ||||
| API tokens | 10 | 10 | Unlimited | Unlimited |
| Aggregate API lookups | 100k/mo | 1M/mo | Unlimited | Unlimited |
| SOC2 Type II compliant | ||||
| Single-user management | ||||
| CLI tools | ||||
| Multi-user management | ||||
| Single sign-on (SSO) via SAML or OIDC | ||||
| Role-based access control (RBAC) | ||||
| Organization and group management | ||||
| Unlimited package retention | ||||
| Unlimited package rescans | ||||
| Community support | ||||
| Email-only support | ||||
| Malware confirmation by a human expert | ||||
| Standard or premium support | ||||