Kusari, a leading innovator in software supply chain security, is releasing Kusari Inspector, an artificial intelligence (AI)-based pull request security tool that brings cutting-edge security risk analysis directly into developers’ daily workflows.
With Kusari Inspector, Kusari is bringing together a powerful combination of industry standards, AI, and dependency graph analysis, to help organizations detect software supply chain risks early during the pull request process, and address them before code integration, according to the company.
“Kusari Inspector puts robust security insights right where developers need them: in their pull requests. The recommendations come from Kusari’s analysis of the full dependency graph, including security practices and code provenance, so the result is always actionable—there’s no worry about ‘AI slop.’ By catching vulnerabilities and risky dependencies early, teams can move faster and ship more secure code,” said Tim Miller, CEO and co-founder at Kusari.
In addition to core supply chain analysis, Kusari Inspector introduces advanced safeguards and interactive features to further empower developer security.
Key features and benefits include:
- Pull Request Inspection and Analysis: Receive instant, context-rich, annotated security reports with inline explanations on every new or updated pull request, saving time and reducing back-and-forth with security teams.
- Safe to Merge: Clear go/no-go guidance, remediation suggestions, and step-by-step instructions to mitigate risks. Flags exposed credentials, sensitive secrets, workflow misconfigurations; blocks typosquatted or maliciously named dependencies and prohibited licenses; enforces rules and policies across the organization.
- Prioritized Risk Assessments and Reduced Alert Noise: Identify and rank risky, low-trust, or vulnerable dependencies—direct and transitive—based on industry trusted data sources (CVSS, EPSS, Known Exploited Vulnerabilities) early in development and reduce noise by accounting for unexploitable vulnerabilities.
- Adaptive AI Model with Interactive Guidance: Delivers precise safe to merge guidance through deep code analysis, continuously learning from your codebase and preferences. Developers can chat with AI to clarify findings, customize recommendations, and set security standards.
- Automated SBOM Generation: Automatically generate and collect source SBOM data for all connected projects and repositories.
“Installing Kusari Inspector in your code repository takes just a few minutes, and then your vulnerabilities, risks, and license issues are immediately detected and flagged within your pull requests. This empowers developers to address security concerns early—eliminating the need for lengthy and iterative security reviews. With Kusari Inspector, a simple three-minute fix can prevent weeks of delay and frustration, allowing developers to stay focused on building great software,” shared Michael Lieberman, CTO and co-founder at Kusari.
For more information about this news, visit www.kusari.dev.