What is Kahu?
Features
- Real-Time Monitoring: Continuously scans and analyzes third-party dependency code for malicious behavior and security risks.
- Hidden Vulnerability Detection: Uncover hidden vulnerabilities and potential backdoors using advanced algorithms and comprehensive scanning.
- Actionable Insights: Provides detailed reports and alerts about suspicious activities and security risks.
- Compliance Monitoring: Continuously monitors dependencies for compliance with security standards and regulations.
- Seamless Integration: Integrates with CI/CD pipelines, GitHub Actions, and command-line interface without disrupting workflows.
- Threat Intelligence: Leverages machine learning and threat intelligence to stay updated on emerging threats.
Use Cases
- Protect applications from supply chain attacks by detecting malicious code in open-source dependencies.
- Identify hidden vulnerabilities and backdoors in third-party packages before deployment.
- Ensure compliance with security standards like SOC 2 or ISO 27001 by monitoring dependency security.
- Monitor and secure CI/CD pipelines against compromised packages.
- Generate security reports for audits and risk assessments.
FAQs
-
What is a dashboard seat?
A dashboard seat is the access to Kahu's dashboard. The number of seats represents the number of users that can be registered to access the dashboard. -
What is a code committer?
A code committer is a user who made a commit to a monitored repository in the past 30 days. -
Do I have to share private source code with Kahu?
No. Kahu only needs access to the metadata stored on a lockfile. -
How are the number of unique dependencies measured?
If two or more monitored projects require the same package (e.g., monolog/monolog) as a direct or transitive dependency, it will be counted a single time towards the account limit.