FAQ

Frequently Asked Questions

What vulnerabilities does SupplyShark check for?

We check for vulnerabilities in your supply chain, such as dependency confusion, that have actual security impact and will require a fix.

What is documentation analysis?

If your documentation is in a repository on GitHub, it will be analyzed for supply chain vulnerabilities. This way, users who read your documentation don't accidentally install a malicious package.

What ecosystems does SupplyShark support?

We check for packages that can be installed in the Python, Ruby, and JavaScript ecosystems. We are working on adding additional package managers and features and will release an update to support more very soon!

Will SupplyShark let me know if a package has already been taken over?

This feature is coming very soon! We are still working on making it as accurate as possible so there are no false positives. When we release it, it will be available on all plans.

How do I control what repositories SupplyShark analyzes?

SupplyShark will only analyze the repositories you give the GitHub app access to. Private repositories are analyzed only for Premium users.

Can I upgrade my plan?

Yes, you can upgrade your plan at any time on the subscription settings page in the customer portal.

Are forked and archived repositories analyzed?

Forked and archived repositories are analyzed only for Premium users who choose to enable this feature.