How SupplyShark Works

An overview of how we protect you from supply chain attacks.

The Scan Cycle

We do fresh scans of your repositories based on the frequency you've selected. This is either monthly, weekly, or daily.

Depending on how many repositories you have, a scan can take as little as 9 seconds; for most organizations it completes in just a few minutes.

No repository data remains on our servers after the scan is complete. We found this to be more efficient for us than storing your dependencies and monitoring them that way.

In a nutshell, this is how our tool works:

Notifications

If vulnerabilities are found, they're stored in our database for you to view in the dashboard and keep track of. We will also send an email alert and/or Slack alert containing the total number of vulnerabilities found in a scan and how many of them were not already known to you before. So that you're not getting notifications every day, we only send these alerts when new vulnerabilities are found.
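The alert gating described above, as an added illustration that is not SupplyShark's own code: the findings from a fresh scan are compared against the set already recorded for the repository, and a notification is produced only when at least one finding is new. The data model (a finding keyed by repository, package, version and advisory id) and the sample findings are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Finding:
    """A vulnerable dependency reported by a scan (constructed model, not SupplyShark's)."""
    repo: str
    package: str
    version: str
    advisory: str  # advisory identifier; placeholder values are used below


def finding_key(f: Finding) -> tuple:
    """Identity of a finding for deduplication across scans."""
    return (f.repo, f.package, f.version, f.advisory)


def summarize_scan(known: Iterable[Finding], scan: Iterable[Finding]) -> dict:
    """Count the findings of a scan and how many were not known from earlier scans."""
    known_keys = {finding_key(f) for f in known}
    scan_list = list(scan)
    new = [f for f in scan_list if finding_key(f) not in known_keys]
    return {"total": len(scan_list), "new": len(new), "new_findings": new}


def build_alert(summary: dict) -> Optional[str]:
    """Return an alert message only when the scan surfaced new findings, else None."""
    if summary["new"] == 0:
        return None
    return (f"SupplyShark scan: {summary['total']} vulnerabilities found, "
            f"{summary['new']} new since your last scan.")


# Constructed sample data: two findings already recorded from a previous scan
KNOWN = [
    Finding("acme/web", "lodash", "4.17.20", "ADVISORY-PLACEHOLDER-1"),
    Finding("acme/web", "minimist", "1.2.5", "ADVISORY-PLACEHOLDER-2"),
]
# Today's scan: both known findings are still present, plus one new one
SCAN = KNOWN + [Finding("acme/web", "node-fetch", "2.6.0", "ADVISORY-PLACEHOLDER-3")]

if __name__ == "__main__":
    print(build_alert(summarize_scan(KNOWN, SCAN)))
    # A repeat scan with nothing new produces no alert at all
    print(build_alert(summarize_scan(SCAN, SCAN)))
```

Keying on the exact package version means a dependency bumped to another still-vulnerable version counts as a new finding, which is the behaviour you want: it is a change worth hearing about, while an unchanged set of findings stays silent.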

Future plans

We are building a new way to detect malicious packages, and we can't wait to tell you how it works!

We are also exploring every way an attacker could get malware installed on your machine through supply chain vulnerabilities, and will be adding more detection techniques throughout the year.

Sign up for SupplyShark to get started securing your supply chain!