RapidFort, a leader in software supply chain security with the largest distribution of curated truly open-source software, and ReversingLabs (RL), the trusted name in file and software security, announced a partnership to deliver RapidFort Open-Source Dependency Libraries—an open-source package catalog to combine RapidFort’s proven curation and hardening process with independent third-party validation powered by ReversingLabs’ Spectra Assure platform.
According to the companies, RapidFort is the only vendor whose open-source library catalog is independently validated by a separate, named third-party security company—ReversingLabs—using enterprise-grade deep-binary malware detection. As a result of this partnership, every package in the catalog passes through RapidFort’s rigorous multi-stage hardening pipeline and is independently assessed by ReversingLabs to be free of tampering, malware, and known vulnerabilities before it reaches developers’ environments.
“ReversingLabs was built on the conviction that software security requires deep binary intelligence,” said ReversingLabs founder and CEO Mario Vuksan. “Malicious actors are increasingly compromising open-source components, embedding threats deep within the layers of container images that traditional tooling cannot reach. By bringing Spectra Assure’s independent malware analysis to every package in the RapidFort library catalog, together we give enterprises access to open-source dependencies that are both rigorously hardened and independently assessed clean before they ever enter a build pipeline.”
RapidFort Libraries work with any OS, any framework, and any application package manager through standard pip, Maven, npm, and OS package interfaces teams already use today.
For customers, this means reducing time to compliance by three to six months without the migration and lock-in of proprietary package managers, without single-source liability, and without the friction that slows security and development teams down, the company said.
The partnership brings together two complementary capabilities into a single, end-to-end security pipeline. RapidFort contributes its proven attack surface reduction and source-verified hardening process and ReversingLabs adds Spectra Assure, the industry’s leading deep-binary analysis platform for software supply chain security, bringing enterprise-scale malware detection, tampering identification, and independent onboarding governance to every package RapidFort releases, the vendors said.
“ReversingLabs is the gold standard for binary malware analysis,” said Mehran Farimani, CEO with RapidFort. “By embedding Spectra Assure analysis into our library release pipeline as an independent validation gate, we’ve created something the industry has been missing—a library catalog where the security claim is made by a separate company with its own reputation on the line. That’s a fundamentally different level of trust.”
RapidFort Open-Source Dependency Libraries validated by ReversingLabs Spectra Assure are available now in general availability for Python and Java ecosystems, with JavaScript entering closed beta. OS package coverage for Red Hat, Ubuntu, Debian, and Alpine is available now. Additional language runtimes and application package catalogs are on an accelerated roadmap.
For more information about this news, visit www.reversinglabs.com or www.rapidfort.com.