Features
ShieldedStack: Real-Time Supply Chain Defense with Actionable Intelligence
ShieldedStack unifies a zero-friction package proxy, continuous vulnerability intelligence, and a collaborative security console. Underpinned by a continuously updated knowledge graph, the platform blocks dangerous packages before they land in your repos while surfacing the context your security and engineering teams need to take action.
Secure Package Proxy
Drop-in proxy for NuGet, npm, and PyPI that sits transparently between developers and package registries, enforcing security policy without breaking workflows.
- Zero-configuration registry compatibility—no developer tooling changes required.
- Low-latency package delivery with intelligent caching and global CDN distribution.
- Complete audit trails and real-time telemetry for every package request.
- Automatic vulnerability scanning on every package install attempt.
Proxy Modes: Trust-Then-Verify & Verify-Then-Trust
Choose the security posture that matches your risk tolerance and development velocity.
Trust-Then-Verify
Allow packages through immediately while scanning in the background. Ideal for fast-moving teams who want visibility without blocking workflows.
Alerts are raised post-download if vulnerabilities are discovered.
Verify-Then-Trust
Block packages until they pass security validation. Enforces zero-trust policy at the dependency level.
Only packages that meet policy requirements are allowed through the proxy.
Policy Engine & Package Filters
Flexible policy controls let you define exactly which packages are allowed, blocked, or require additional scrutiny.
- Allow & Deny Lists: Explicit package rules that override default policies—whitelist trusted packages or permanently block known threats.
- CVE Severity Blocking: Set minimum severity thresholds (Low, Medium, High, Critical) to automatically block packages with vulnerabilities above your tolerance level.
- Package Release Grace Period: Require new package versions to age for a configurable period before allowing installation—protect against zero-day supply chain attacks.
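As an added illustration, not ShieldedStack's own code (the product's internal rule ordering is not described on this page), the following Python shows how the two proxy modes above and the three filter types combine into a single allow/block decision; the field names, the deny-before-allow precedence, the decision labels and the sample policy values are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Severity order used by the threshold gate, lowest to highest (assumed scale).
SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Policy:
    mode: str                                   # "verify-then-trust" or "trust-then-verify"
    allow: set = field(default_factory=set)     # entries are "name" or "name@version"
    deny: set = field(default_factory=set)
    block_at_or_above: str = "high"             # CVE severity that blocks (and anything higher)
    grace_days: int = 7                         # a release must be at least this old


@dataclass
class PackageRequest:
    name: str
    version: str
    published: date
    max_severity: str = "none"   # highest known CVE severity; "none" when clean
    scanned: bool = True         # False while a scan is still in progress


def evaluate(policy: Policy, req: PackageRequest, today: date) -> tuple[str, str]:
    """Return (decision, reason); decisions are allow, block or allow-pending-scan."""
    key = f"{req.name}@{req.version}"
    # Explicit allow/deny rules override every default gate; deny wins on conflict.
    if req.name in policy.deny or key in policy.deny:
        return "block", "deny-list"
    if req.name in policy.allow or key in policy.allow:
        return "allow", "allow-list"
    # Release grace period: a freshly published version is held regardless of scan state.
    age_days = (today - req.published).days
    if age_days < policy.grace_days:
        return "block", f"grace-period ({age_days}d < {policy.grace_days}d)"
    # Proxy mode decides what happens while scan results are not in yet.
    if not req.scanned:
        if policy.mode == "trust-then-verify":
            return "allow-pending-scan", "background scan queued"
        return "block", "awaiting scan"
    # Severity gate: block when the worst known CVE meets or exceeds the threshold.
    if SEVERITY_RANK[req.max_severity] >= SEVERITY_RANK[policy.block_at_or_above]:
        return "block", f"severity {req.max_severity} >= {policy.block_at_or_above}"
    return "allow", "passed policy"
```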
Package Scanner
Standalone console application that scans directories for dependencies—ideal for discovering existing packages in deployed systems, CI/CD pipelines, or environments that can't use the proxy.
- Scan project directories, lock files, and package manifests to inventory dependencies.
- Run on-demand or schedule via cron for continuous monitoring of production systems.
- Works in air-gapped environments or alongside the proxy for comprehensive coverage.
- Reports findings directly to the ShieldedStack console for centralized visibility.
- Supports NuGet, npm, and PyPI ecosystem scanning.
Real-Time CVE Alerts
Continuous vulnerability intelligence monitors your dependencies and alerts you within minutes of new CVE disclosures.
- Event-driven enrichment updates package intelligence within minutes of new vulnerability disclosures.
- Aggregated alert feed surfaces all CVEs affecting your inventory in one prioritized view.
- Severity-based filtering and acknowledgement workflows streamline security triage.
- Shows affected package versions for each CVE so teams can quickly identify vulnerable dependencies.
License Change Detection
Track license changes across package versions to catch compliance risks before they impact your organization.
- Automatic detection when packages change licenses between versions.
- Alerts for transitions to restrictive or incompatible licenses (e.g., MIT to GPL).
- SPDX-based license intelligence mapped to business-friendly risk categories.
- Historical license tracking for audit and compliance reporting.
Notification Channels
Route alerts from ShieldedStack directly into your team's existing workflows—never miss a critical vulnerability.
- Microsoft Teams: Send CVE alerts, license changes, and policy violations directly to dedicated channels.
- Slack: Real-time notifications to security and engineering teams where they already work.
- Email: Digest or immediate email alerts with customizable recipients and severity filtering.
- Configure multiple channels per workspace with independent filtering rules.
- Rich message formatting includes severity badges, affected packages, and direct links to the console.
Data Export & SBOM Generation
Export comprehensive dependency inventories and Software Bill of Materials (SBOM) for compliance, governance, and incident response.
- One-click SBOM export in industry-standard formats (SPDX, CycloneDX).
- CSV and JSON exports for custom reporting and integration with GRC tools.
- Complete vulnerability reports including CVE details, severity ratings, and affected package versions.
- License compliance exports with obligation summaries and risk classifications.
Risk Scoring & Intelligence
Context-aware risk engine quantifies package safety across security, compliance, and maintainability dimensions.
- Unified 0–10 risk score blends vulnerability severity, version age, license posture, and maintenance signals.
- Security, compliance, and maintainability dimensions help teams pinpoint remediation priorities.
- Repository health metrics highlight engineering maturity and potential maintenance risks.
- Continuously ingests advisories from leading vulnerability intelligence providers (NVD, GitHub, OSV).
- Interactive dashboards visualize risky, outdated, and newly vulnerable packages.
Collaborative Security Console
Centralized workspace that aligns security, platform, and development teams around shared dependency intelligence.
- Unified package inventory with CVE status, license posture, and usage analytics.
- Self-service policy management—adjust filters, severity gates, and grace periods in seconds.
- Granular API key rotation and environment-specific access controls.
- Shared visibility into dependency risks for security analysts, platform engineers, and application developers.
- Guided onboarding flows and best-practice templates for connecting package managers.