You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Kusari Inspector
GitHub App
Kusari Inspector
GitHub App
Kusari Inspector seamlessly integrates software supply chain security analysis into your pull requests. Identify, manage, and mitigate supply chain risks early and effortlessly within your workflow using powerful AI and dependency graph analysis. Detects vulnerabilities, leaked secrets, workflow issues, risky dependencies, license concerns, and other supply chain threats—before code is merged.
Features
Pull Request Inspection & Analysis: Trigger comprehensive supply chain security scans on every new or updated PR
Instant In-PR Feedback: Clearly annotated reports in seconds right within your PRs
Dependency Risk Assessment: Know about risky, low-trust or vulnerable dependencies early in development
Understand Transitive Dependencies: Full understanding of your dependency tree to determine the likelihood of exploitation and risk
Intelligent Vulnerability Ranking: Factor in CVSS, EPSS and KEV to determine the criticality of the vulnerability (along with the context of where it lives in the dependency tree)
Actionable Insights: Clear go/no go direction with remediation suggestions and clear steps on what needs to be done to mitigate the risk
Checks
Kusari Inspector checks for:
Credentials and other secrets
Typosquatted dependency names
Common code weaknesses via static analysis
Direct and transitive dependencies
Dependencies’ repository security posture
Software licenses
Categorized into strong copy left, weak copy left, network copy left and permissive
Known vulnerabilities, including severity (CVSS), likelihood of exploit (EPSS), and known exploited vulnerabilities
GitHub workflow security issues
DockerFile security issues
Terraform security issues
Helm chart security issues
Benefits
Catch insecure dependencies and risky code early, less back-and-forth with security
Empowered by context-rich, security-aware reviews directly in pull requests
Inline explanations help build secure coding habits over time
Know what’s safe to merge with clear guidance and fixes