OSS Package Security

OSS Package Security helps organizations safeguard the integrity of their software supply chain by monitoring both threats and artifacts in real time. It provides visibility into external supply chain compromises as well as continuous validation of your own published software.

Artifact Security includes four key features:

  • Threat Center – Central hub for tracking supply chain compromises detected across open-source ecosystems. View active incidents, investigate details, and apply remediation steps directly within StepSecurity.

  • Artifact Monitor – Continuous compliance monitoring for your own artifacts (e.g., npm packages). Detects unauthorized or rogue releases, verifies provenance against approved CI/CD pipelines, and alerts your team immediately.

  • NPM Package Search – Search across your organization or tenant to identify where specific npm packages were added in pull requests. Quickly assess exposure to compromised or vulnerable dependencies, trace package usage across repositories, and take targeted remediation actions.

  • OSS Security Feed – An open intelligence resource that tracks compromised or suspicious npm package releases and maintainers in a single, searchable interface. It gives developers and security teams a real-time view of malicious packages before those packages reach their pipelines or developer machines.

Together, these tools enable security teams to:

  • Detect compromises in third-party dependencies before they spread

  • Ensure internal artifacts are published only from trusted pipelines

  • Receive instant alerts via Slack, email, S3, and webhooks

  • Automate response workflows through SIEM and SOC integrations
