
Spectra Assure® Community for Developers
Build SAFE with Secure Open-Source Software
The Largest Resource of Comprehensive Risk Assessments on Open Source. Totally Free.
Attacks on public open-source repositories are now as pervasive as developers' use of open-source dependencies. Spectra Assure® Community monitors over six million open-source packages to identify malware, code tampering, and indicators of software supply chain attacks. It provides a free risk assessment for open-source components from the most popular package repositories such as npm, NuGet, PyPI, and RubyGems, so you can be sure the open-source packages in your applications are free from malicious code and supply chain attacks.
To build the safest applications, you need the safest building blocks. This is why Spectra Assure Community provides free access to risk assessments for more than six million code packages from open-source repositories including npm, PyPI, RubyGems, and NuGet. We also acknowledge that not everyone uses the latest package versions. To address this, we retain assessments of each version of each package in the repository.
Spectra Assure Community checks for malicious code, code tampering, suspicious behaviors, known vulnerabilities, license compliance issues, exposed secrets, and overall package health. Thorough assessments are more important than ever as developers have become a prime target for criminal and nation-state-sponsored actors.
With instant access and easy search capabilities, you can rapidly curate open-source software with confidence. The web app delivers a quick, easy-to-understand risk assessment that ensures consistent security without slowing down development. The Spectra Assure SAFE Report is presented in a normalized format for the selected package, allowing users to make a simple comparison and a fast decision.
ReversingLabs loves Open-Source Software. See for yourself at secure.software with no cost, no account, and no email. Spectra Assure Community is completely free to use via web app. Just like any search engine, enter the open-source package you’d like a risk assessment for into the search bar and the results are instantaneous.
ReversingLabs provides community insights from our team of dedicated threat researchers. From insight into malicious activity in the VSCode marketplace to compromised ultralytics PyPI packages, our mission is to keep the community forewarned and forearmed against novel supply chain attacks. Additionally, Spectra Assure helps with removing malicious code from package repositories, and we contribute to the Linux Foundation's OSSF Malicious Packages Database.
Closing the Software Supply Chain Security Gap: Learn about complex binary analysis and how it tackles supply chain threats like malware, tampering, exposed secrets and more — all without source code.
Malicious npm package targets AWS users: The history of the package is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.
Unraveling XZ: A Software Supply Chain Under Siege: Get in-depth insights into the latest software supply chain threat.