Kusari Inspector improves supply chain security

Kusari unveiled Kusari Inspector, an AI-based pull request security tool that brings cutting-edge security risk analysis directly into developers’ daily workflows.

In Kusari Inspector, Kusari has brought together a powerful combination of industry standards, AI, and dependency graph analysis, to help organizations detect software supply chain risks early during the pull request process, and address them before code integration. The tool finds security weaknesses and supply chain risks in order to maintain secure development throughout every stage.

“Kusari Inspector puts robust security insights right where developers need them: in their pull requests. The recommendations come from Kusari’s analysis of the full dependency graph, including security practices and code provenance, so the result is always actionable — there’s no worry about ‘AI slop.’ By catching vulnerabilities and risky dependencies early, teams can move faster and ship more secure code,” said Tim Miller, CEO and Co-Founder at Kusari.

In addition to core supply chain analysis, Kusari Inspector introduces advanced safeguards and interactive features to further empower developer security.

Key Features & Benefits

• Pull request inspection & analysis: Receive instant, context-rich, annotated security reports with inline explanations on every new or updated pull request, saving time and reducing back-and-forth with security teams.
• Safe to merge: Clear go/no-go guidance, remediation suggestions, and step-by-step instructions to mitigate risks. Flags exposed credentials, sensitive secrets, workflow misconfigurations; blocks typosquatted or maliciously named dependencies and prohibited licenses; enforces rules and policies across the organization.
• Prioritized risk assessments & reduced alert noise: Identify and rank risky, low-trust, or vulnerable dependencies—direct and transitive—based on industry trusted data sources (CVSS, EPSS, Known Exploited Vulnerabilities) early in development and reduce noise by accounting for unexploitable vulnerabilities.
• Adaptive AI model with interactive guidance: Delivers precisesafe to merge guidance through deep code analysis, continuously learning from your codebase and preferences. Developers can chat with AI to clarify findings, customize recommendations, and set security standards.
• Automated SBOM generation: Automatically generate and collect source SBOM data for all connected projects and repositories.

“Installing Kusari Inspector in your code repository takes just a few minutes, and then your vulnerabilities, risks, and license issues are immediately detected and flagged within your pull requests. This empowers developers to address security concerns early—eliminating the need for lengthy and iterative security reviews. With Kusari Inspector, a simple three-minute fix can prevent weeks of delay and frustration, allowing developers to stay focused on building great software,” shared Michael Lieberman, CTO at Kusari.

Kusari Inspector is now available for GitHub repositories free for 30 days and $10 per seat per month subscription.