Mitigate Open Source Supply Chain Risks
With WhiteSource Diffend

Manage the risks that come with using open source third-party dependencies with WhiteSource Diffend, a malware-detecting security scanning and risk management platform.

Protect Yourself Against:

Typosquatting attacks, malicious takeovers, account takeover (ATO) attacks, Makefile pollution, Bitcoin mining, accidental injections, botnet code injections, environment and credential stealing, viruses, package tampering, package CVEs, Ruby CVEs, brandjacking, dependency confusion

How It Works

WhiteSource Diffend is a multi-dimensional tool. It scans packages and analyses their behaviour, and it also gives you granular control over which dependencies are permitted within your organization.

Take Action Based on Real-Time Production Notifications

WhiteSource Diffend keeps track of the state of your production environment.

Deploy with confidence, knowing you’re secure

React quickly when your systems are at immediate risk

Understand the severity and the scope of new vulnerabilities

Inspect Changes in Packages Before They Are Allowed

WhiteSource Diffend lets you inspect dependency changes before they are allowed in. It:

Intelligently suggests which updates require review by your team members

Automatically notifies you during installation attempts when a manual review is needed

Enforces policies that block un-reviewed package updates where they aren't allowed

See It in Action (rest-client 1.6.9 vs malicious 1.6.13)

Control the Entire Process of Open Source Dependency Use

WhiteSource Diffend enables you to define policies to allow or block package downloads, based on your organization’s specific needs and processes.

Require that packages be approved by lead developers.

Build rules around packages and their versioning.

Control usage of libraries with licenses that are problematic to your organization.
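The review and policy workflow described in the two sections above (flagging updates that need review, notifying at install time, and enforcing approval, versioning and license rules), as an added example in Ruby, the language Diffend currently integrates with. This is illustrative code written for this page, not WhiteSource Diffend's implementation or its configuration format: it diffs two Gemfile.lock files and applies a policy to every added or changed gem. The acme-* gems, the license table and the approval and block lists are constructed for the example; only the rest-client 1.6.9 to 1.6.13 pair comes from the page.

```ruby
# Added example for this page: a review gate over Gemfile.lock changes.
# Illustrative code, not WhiteSource Diffend's implementation or API.
require "set"
require "rubygems" # for Gem::Version

# Parse the "specs:" block of a Gemfile.lock into { gem_name => version }.
# Resolved gems sit at a 4-space indent; their dependency lines sit at 6 spaces
# and are skipped. Other sections (PLATFORMS, DEPENDENCIES) are ignored.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section ends the specs block
      in_specs = false
    elsif in_specs && line =~ /\A {4}(\S+) \(([^)]+)\)\s*\z/
      gems[Regexp.last_match(1)] = Regexp.last_match(2)
    end
  end
  gems
end

# Policy data, constructed for this example.
# approved: "name version" pairs signed off by lead developers.
# blocked:  pairs that must never be installed (the page names rest-client
#           1.6.13 as a malicious release, so it is the sample here).
# licenses: stand-in for the metadata a registry lookup would return.
POLICY = {
  approved: Set["acme-logger 2.4.2"],
  blocked: Set["rest-client 1.6.13"],
  blocked_licenses: Set["AGPL-3.0"],
  licenses: {
    "acme-logger 2.4.2" => "MIT",
    "acme-metrics 1.0.0" => "AGPL-3.0",
    "acme-http 4.0.0" => "MIT",
    "rest-client 1.6.13" => "MIT",
  },
}.freeze

# Why an un-reviewed change deserves attention: new gems, downgrades and major
# bumps are called out explicitly so a reviewer can prioritise.
def unreviewed_reason(from, to)
  return "new dependency, not yet reviewed" if from.nil?
  old_v = Gem::Version.new(from)
  new_v = Gem::Version.new(to)
  return "downgrade from #{from}, not yet reviewed" if new_v < old_v
  return "major version bump from #{from}, not yet reviewed" if new_v.segments[0] != old_v.segments[0]
  "update from #{from}, not yet reviewed"
end

# Compare two lockfiles and decide, per added or changed gem, whether the
# change is allowed, needs human review, or is blocked outright.
def review_changes(old_text, new_text, policy = POLICY)
  old_gems = parse_lockfile(old_text)
  new_gems = parse_lockfile(new_text)
  new_gems.filter_map do |name, version|
    from = old_gems[name]
    next if from == version # unchanged: nothing to review
    key = "#{name} #{version}"
    license = policy[:licenses].fetch(key, "unknown")
    decision, reason =
      if policy[:blocked].include?(key)
        [:block, "version is on the block list"]
      elsif policy[:blocked_licenses].include?(license)
        [:block, "license #{license} is not permitted"]
      elsif policy[:approved].include?(key)
        [:allow, "approved by a lead developer"]
      else
        [:review, unreviewed_reason(from, version)]
      end
    { gem: name, from: from, to: version, decision: decision, reason: reason }
  end
end

# The gate an install hook would call: in notify-only mode only blocked gems
# stop the install; with enforcement on, un-reviewed updates stop it too.
def install_allowed?(decisions, enforce_review: true)
  decisions.none? do |d|
    d[:decision] == :block || (enforce_review && d[:decision] == :review)
  end
end

# Constructed sample lockfiles: the rest-client version pair is the one the
# page names; the acme-* gems are made up for this example.
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-http (3.1.0)
      acme-logger (2.4.1)
      mime-types (3.3.1)
      netrc (0.11.0)
      rest-client (1.6.9)
        mime-types (>= 1.16, < 4.0)
        netrc (~> 0.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    acme-http
    acme-logger
    rest-client
LOCK

NEW_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-http (4.0.0)
      acme-logger (2.4.2)
      acme-metrics (1.0.0)
      mime-types (3.3.1)
      netrc (0.11.0)
      rest-client (1.6.13)
        mime-types (>= 1.16, < 4.0)
        netrc (~> 0.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    acme-http
    acme-logger
    acme-metrics
    rest-client
LOCK

if __FILE__ == $PROGRAM_NAME
  decisions = review_changes(OLD_LOCK, NEW_LOCK)
  decisions.each do |d|
    puts "#{d[:decision].to_s.upcase.ljust(6)} #{d[:gem]} #{d[:from] || '(new)'} -> #{d[:to]}: #{d[:reason]}"
  end
  puts install_allowed?(decisions) ? "install allowed" : "install blocked"
end
```

Run against the sample, the gate reports four changes: the acme-logger patch is allowed because a lead developer approved that exact version, the acme-http major bump is held for review, the new acme-metrics gem is blocked on its license, and rest-client 1.6.13 is blocked by the block list, so the install is refused in both enforcing and notify-only mode. Unchanged gems never reach the decision step, which keeps the review queue limited to what actually moved in the lockfile.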

Need More Info?

Read Our Docs

About WhiteSource Diffend

WhiteSource Diffend was created to help protect open source users against software supply chain attacks, and has already proven effective at detecting and blocking malicious packages. It has detected and reported hundreds of malicious packages, which were swiftly removed from their registries to protect open source users from accidentally installing malicious code.

In a nutshell, here is how WhiteSource Diffend works:

Scans new open source releases immediately, performing dozens of tests to assess the likelihood that the package/release is malicious.

Integrates with package managers (currently Ruby-only, JavaScript in beta) to block installs and downloads of flagged packages before they have any chance to execute.

In April 2021, WhiteSource announced the acquisition of diffend.io, adding software supply chain risk mitigation capabilities to its existing application security offering.

Manage Your Software Supply Chain Risks Today