Phylum, a software supply chain security provider, has integrated the Open Policy Agent (OPA) into its risk analysis engine, giving users more flexibility to create and enforce custom policies on the use of open source software.
Phylum's policy engine gives security and risk teams better visibility into the development lifecycle. “The Phylum platform comes equipped with a default policy that detects risks across five domains: software vulnerabilities, license misuse, OSS malware, author risk and reputation, and engineering risk – and blocks attacks,” claimed Phylum in a statement.
“The default policy also enables organizations to comply with NIST, ISO, and other software supply chain security regulations.”
Read More: Phylum Adds Open Policy Agent to Open Source Analysis Engine