Thursday, July 9, 2026

RapidFort and ReversingLabs Launch Safe Open-Source Catalogs

Related stories

Partnership Verifies Packages are Free of Tampering, Malware and Vulnerabilities Across all Operating Systems, Frameworks and Application Stacks with no Proprietary Package Manager Migration Needed

RapidFort, the leader in Software Supply Chain Security with the largest distribution of curated truly open-source software, and ReversingLabs (RL), the trusted name in file and software security, announced a strategic partnership to deliver RapidFort Open-Source Dependency Libraries the industry’s first and only open-source package catalog to combine RapidFort’s proven curation and hardening process with independent third-party validation powered by ReversingLabs’ Spectra Assure® platform.

RapidFort is the only vendor whose open-source library catalog is independently validated by a separate, named third-party security company ReversingLabs using enterprise-grade deep-binary malware detection. As a result of this partnership, every package in the catalog passes through RapidFort’s rigorous multi-stage hardening pipeline and is independently assessed by ReversingLabs to be free of tampering, malware, and known vulnerabilities before it reaches developers’ environments.

Also Read: Jamf Launches AI Governance for Mac AI Control Plane

“ReversingLabs was built on the conviction that software security requires deep binary intelligence,” said ReversingLabs Founder and CEO Mario Vuksan. “Malicious actors are increasingly compromising open-source components, embedding threats deep within the layers of container images that traditional tooling cannot reach. By bringing Spectra Assure’s independent malware analysis to every package in the RapidFort library catalog, together we give enterprises access to open-source dependencies that are both rigorously hardened and independently assessed clean before they ever enter a build pipeline.”

Unlike competing approaches that require migration to proprietary package managers, custom operating system distributions, or vendor-specific toolchains, RapidFort Libraries work with any OS, any framework, and any application package manager through standard pip, Maven, npm, and OS package interfaces teams already use today. For customers, this means reducing time to compliance by three to six months without the migration and lock-in of proprietary package managers, without single-source liability, and without the friction that slows security and development teams down. RapidFort Libraries are a drop-in replacement no migration, no disruption, no compromise. Existing vendor responses to the open-source supply chain crisis address only parts of this problem, but each imposes new constraints: proprietary OS distributions requiring platform migration, single-ecosystem library coverage, or build-from-source approaches with no independent integrity verification. No vendor prior to today has subjected every library in their catalog to named, independent third-party malware validation.

RapidFort Curation and Hardening Combined with ReversingLabs Validation

The RapidFort–ReversingLabs partnership brings together two complementary capabilities into a single, end-to-end security pipeline. RapidFort contributes its proven attack surface reduction and source-verified hardening process, which has helped enterprise customers eliminate up to 99.9% of CVEs from container images. ReversingLabs adds Spectra Assure, the industry’s leading deep-binary analysis platform for software supply chain security, bringing enterprise-scale malware detection, tampering identification, and independent onboarding governance to every package RapidFort releases.

“ReversingLabs is the gold standard for binary malware analysis,” said Mehran Farimani, CEO with RapidFort. “By embedding Spectra Assure analysis into our library release pipeline as an independent validation gate, we’ve created something the industry has been missing a library catalog where the security claim is made by a separate company with its own reputation on the line. That’s a fundamentally different level of trust.”

ReversingLabs’ Spectra Assure performs deep binary analysis that goes far beyond signature-based scanning. As a result of this partnership, for public open-source repositories organizations now receive:

  • Deep malware detection: Binary-level analysis identifies obfuscated malware, hidden backdoors, and malicious payloads that evade traditional signature-based scanners including novel threats with no prior CVE assignment.
  • Tampering verification: Cryptographic and structural analysis helps identify evidence of unauthorized modification, repackaging, or tampering within delivered software artifacts.
  • Threat intelligence correlation: Packages are checked against ReversingLabs’ authoritative Spectra Intelligence dataset covering billions of files and decades of malware research, providing context that no internal scan can replicate.
  • Differential version analysis: Spectra Assure compares a new package version against previous versions to identify newly introduced malware, tampering, risky behaviors, and unexpected changes in a new package update.
  • Policy-driven release gates: Packages that fail ReversingLabs’ security policies are blocked from the RapidFort catalog until risks are remediated, providing a preventative rather than reactive security control.
  • Evidence-backed audit trail: Every package release includes a ReversingLabs-generated security report, giving customers, their auditors, and regulators independently produced documentation of each artifact’s integrity status.

Source: Businesswire

Subscribe

- Never miss a story with notifications


    Latest stories