
RapidFort Launches Curated Libraries to Stop Supply Chain Attacks Before They Reach the Pipeline

RapidFort expands its security platform with curated, third-party malware-scanned libraries to enhance protection of software at the source

SUNNYVALE, Calif.--(BUSINESS WIRE)--RapidFort, the leader in Software Supply Chain Security, today announced the availability of RapidFort Curated Libraries, a comprehensive catalog of malware-scanned open-source libraries to help organizations prevent supply chain malware before it reaches development pipelines or production environments.

RapidFort Curated Libraries give developers access to curated, malware-scanned open-source packages for npm, PyPI, Maven, RubyGems, and NuGet ecosystems. Developers are able to continue using the libraries they already know while reducing exposure to malicious binaries, backdoored dependencies, install-time payloads, typosquatted packages, credential stealers, droppers, downloaders, infostealers, keyloggers, rootkits, ransomware, and other supply chain threats.

“Modern software teams depend on open-source packages to move quickly, but every package downloaded into a development workflow introduces risk,” said Michael Wood, CMO at RapidFort. “RapidFort Curated Libraries give developers the power to move at DevOps speed while giving organizations the confidence that their applications and services have been vetted by the world’s most advanced threat intelligence solutions.”

RapidFort already provides more than 35,000 near-zero CVE curated images, runtime bill of material analysis, and the industry's most comprehensive software supply chain security platform. With RapidFort Curated Libraries, the company extends that protection to third-party application libraries, helping enterprises and public sector organizations secure the software supply chain at the source.

Mitigating Malware Before It Enters the Software Supply Chain

Recent software supply chain incidents have demonstrated how attackers increasingly target open-source ecosystems and developer workflows. Compromised packages and dependencies have affected widely used projects and repositories across popular application ecosystems.

RapidFort Curated Libraries are designed to stop these threats from entering an organization by ensuring developers access only open-source software that is curated and independently malware-scanned.

DevOps Velocity and SecOps Protection

RapidFort Curated Libraries leverage “The Power of And”: DevOps velocity and SecOps protection.

Developers can continue using the same pin-for-pin compatible libraries, packages, CLI syntax, interfaces, features, versions, and workflows they rely on today. RapidFort Curated Libraries work with existing operating systems, tools, artifactories, and software delivery processes without requiring teams to migrate to a proprietary operating system or vendor-specific development models.

Key benefits include:

  • Malware scanning at the source: RapidFort helps prevent malicious packages and compromised dependencies from entering software pipelines.
  • Existing workflow support: RapidFort Curated Libraries work with current operating systems, tools, artifactories, interfaces, and CLI syntax.
  • Reduced incident response burden: Security and engineering teams can spend less time hunting for malware and vulnerabilities after public disclosures of threats.
  • Continuous compliance visibility: RapidFort supports up-to-date compliance assessment and reporting based on frequent updates, helping organizations demonstrate security posture to internal stakeholders, auditors, customers, clients, and boards of directors.
  • Policy-driven security: Organizations can shift from reactive vulnerability response to a proactive, policy-driven model for open-source software consumption.

Helping Developers Ship With Confidence

Open-source software powers modern innovation, but its scale and speed create new challenges for today’s security teams. RapidFort Curated Libraries allow organizations to continue benefiting from the global open-source ecosystem while reducing the risk that compromised packages, malicious payloads, or newly introduced malware will impact production systems.

“RapidFort has really helped us get ahead of the curve in vulnerability management of our application images, which is critical to delivering ATO-ready software to our customers,” said Wesley Smith, President and CTO at Tactical ID. “We're excited that we can now give developers the packages they need while ensuring those packages are curated, malware-scanned, and compatible with the way teams already build software.”

Availability

RapidFort Curated Libraries are available today for organizations seeking to secure open-source software consumption across package libraries, operating systems, images, middleware, and development workflows. Customers can use RapidFort Curated Libraries alongside the RapidFort Curated Images catalog, runtime bill of material analysis, and compliance reporting capabilities.

For more information, visit www.rapidfort.com/libraries

About RapidFort

RapidFort is the leader in Software Supply Chain Security, enabling organizations to eliminate risk across their software stack at scale. Its platform combines curated near-zero CVE container images, runtime profiling, and attack surface management to remove up to 99.9% of vulnerabilities within hours and reduce the attack surface by up to 90% without code changes. RapidFort was identified as a Gartner® Cool Vendor™ in 2025 and a Nutanix.Next Partner of the Year in 2026. For more information, visit www.RapidFort.com.

Contacts

RapidFort

