Updated Apr 23, 2026
Score 31

Phylum

Ranked #464 of 1,000+ cybersecurity companies

Overview

Acquired By: Veracode
Legal Name: Phylum Inc
Founded: 2020
Crunchbase Rank: #60296

The Software Supply Chain Security Company

Phylum is an automated software supply chain security platform that continuously analyzes newly published open-source and other third-party code, ingesting packages, lockfiles, and SBOMs, to contextualize and block zero-day and other risks. It enforces compliance and governance, delivers real-time threat intelligence, and integrates across the development lifecycle and toolchain to help organizations protect applications, vet vendors, detect brand-targeted attacks, and manage AI-authored code risk.

Industries: Software Development
Type: Privately Held

Company Size

Employees: 6
Range: 1–10 employees
110K+

Headquarters

Evergreen, CO, United States

Followers

2,908

Press Coverage

Date | Article | Publisher
Nov 12, 2025 | Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack | The Hacker News
Feb 10, 2025 | Incorporating 'secure by design' into the software supply chain [Q&A] | BetaNews
Jan 13, 2025 | Celebrity investors, creator metrics, and Chrome extension compromise – ESW #389 | SC Media
Jan 7, 2025 | Veracode Acquires Phylum | citybiz
Jan 6, 2025 | Veracode Acquires Phylum | FinSMEs
Jan 6, 2025 | Veracode Acquires Phylum | citybiz
Jan 6, 2025 | Veracode Acquires Phylum’s Assets to Enhance Software Supply Chain Risk Management | Venture Capital
Nov 6, 2024 | Ongoing npm malware campaign involves Ethereum smart contracts | SC Media
Nov 5, 2024 | Ongoing typosquatting campaign impersonates hundreds of popular npm packages | theregister.com
Nov 4, 2024 | Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages | The Hacker News


Specialties

open source security, software supply chain security, software supply chain risk, open source, devops, devsecops, vulnerability reachability, vulnerabilities, malware, malicious authors, license misuse

Categories

Cyber Security, Developer Tools, Enterprise Software, Software

Event Appearances

2 events · 2 sponsor
Global AppSec DC 2023
Oct 30, 2023 · Sponsor
OWASP Global AppSec Washington, DC 2023
Oct 30, 2023 · Sponsor

Product

Name | Description
Phylum Software Supply Chain Security Platform | A platform that analyzes open-source software packages to identify risks, block attacks, and enforce policies before code is integrated into development environments.
Phylum Threat Feed | An API providing real-time data on malicious open-source packages and software supply chain attacks across multiple ecosystems.
Phylum Integration for Artifact Repositories | A service that integrates with artifact repositories to vet open-source packages, enforce policies, and block malicious code before it enters the software supply chain.
Phylum Integration for CI/CD Pipelines | A solution that integrates with continuous integration and delivery pipelines to analyze and block risky open-source packages during the build process.
Phylum Integration for Package Managers | A service that integrates with package managers to vet and block malicious or non-compliant open-source packages before they reach developer workstations.