Bytesafe is a package management platform for a secure code supply chain.
A firewall for dependencies with secure hosting of all your dependencies in private registries. Continuous analysis, monitoring and scanning for potential issues.
Software applications depend on both internal proprietary code and open source code developed by others.
Like any other supply chain, all externally sourced code an application uses needs to be managed in terms of availability, security, licensing, etc. to avoid the business risks involved.
Private and public packages included in Bytesafe are scanned for changes in composition and for security and license compliance issues, and are compared to any Policies (rules) set in place.
By continuously monitoring registries, users are able to identify issues early and avoid surprises at build time.
A dependency is an external piece of code or package version that is used by your project in some way. It is not uncommon for projects to have 100+ dependencies.
Direct dependencies are package versions specified in a project's configuration files, like package.json or pom.xml. Indirect (or transitive) dependencies are dependencies of direct dependencies.
The Community Edition is a completely free on-premise offering that we provide to users and companies of any size (and not only open source projects). It focuses on enhancing open source security and package management.
Our Community Edition supports multiple ecosystems and comes with a dependency firewall that automatically quarantines threats. By leveraging these features, companies can enhance their security posture and ensure the integrity of their software supply chain.
Community Edition offers advanced capabilities to avoid threats introduced from open source. Although completely free, it’s feature-packed and lets you manage open source threats utilizing our advanced Dependency Firewall.
There are no limits or restrictions when it comes to users, packages, bandwidth or storage. Firewall registries (which act as proxies with security policies) are limited to 10 and each Firewall can have 1 upstream, which covers the needs of many teams.
For details, see the full feature comparison on our Pricing page.
Our Community Edition documentation describes how to download and install the platform, including instructions for Docker and Kubernetes.
Access Bytesafe with: npm / yarn / pnpm, Maven clients (mvn / gradle), NuGet clients (nuget / dotnet) or Python clients (pip / twine) - Work with packages using regular command line tools. The appropriate tool depends on the use case.
Yes. Public registries can easily be configured as upstreams (linked package sources). Bytesafe even supports proxying multiple upstreams for each registry. To learn more, see the documentation on Upstreams.
Yes. Bytesafe offers unlimited hosted registries for all workspaces. Create as many registries as you wish and connect them into workflows that suit your needs. Need inspiration? See the Use case section of the Bytesafe docs.
Bytesafe offers pre-built integrations for both Slack and GitHub. In addition, Bytesafe can be integrated as a package source / destination for any CI/CD or other service that supports custom package configurations.
A Read-Only user is a special type of user that has limited access to your Bytesafe Workspace. Read-only users are ideal for keeping colleagues and stakeholders up to speed when you don’t require the whole range of Bytesafe features, such as uploading and installing packages.
Yes, with Bytesafe Policies. Policies are rules that are checked before any registry action is applied. Examples include the Secure Policy, which only allows package versions without known vulnerabilities in registries.
Yes, with the Vulnerability Scanner Plugin. The plugin scans all packages in a registry to identify any known vulnerabilities from the Bytesafe advisory database. Users are notified in Bytesafe or directly in their Slack channels.
Packages hosted in Bytesafe registries are automatically scanned for license information. This includes package files in addition to the information in package.json. Identified licenses are displayed in Bytesafe together with any identified license issues.
Yes, with the License Compliance Plugin. Packages in a registry are scanned and compared to the active license policy to identify problematic, unlicensed or non-standard licenses. Users are notified through email, in Bytesafe and directly in their Slack channels.
Bytesafe support is available either via email (support@bytesafe.dev) or using the chat widget from either this site or from inside Bytesafe.
During sign up you select your desired workspace name and sign up with a user (social login or email). No other information is required. You do not have to provide any payment method or billing information.
Yes. Log in to Bytesafe to manage team members and invites.
Visit the Bytesafe Blog, the Bytesafe documentation or follow us on Twitter to stay up to date.
Yes, you can cancel at any time. The account remains active until the end of your current billing period, meaning you can still use your account during this period.
After the trial, billing is performed at the start of each billing period. Adding users incurs immediate billing for the remaining period.
No. All credit card activity and information is handled by our trusted third-party providers, Chargebee and Stripe.
Yes! However, we will inactivate all but one user and any corresponding security tokens. We recommend that you verify that no service disruptions occur in your services by manually inactivating users prior to a downgrade.
All accounts automatically activate a free trial on sign up (no credit card required). If you have any questions related to our premium plans, please contact sales@bytesafe.dev.
Yes, we support the community and Bytesafe is provided free of charge for public open source projects! To get a Community account, just sign in to Bytesafe and contact support@bytesafe.dev with info about your project.
Unless otherwise stated, the Subscription Charges do not include any taxes, levies, duties or similar governmental assessments, including value-added, sales, use or withholding taxes assessible by any local, state, provincial or foreign jurisdiction (collectively “Taxes”).
Yes! Your account will be upgraded to the new plan with attached benefits as soon as payment has been processed. Your account will have the benefits attached to the new plan for as long as payment is provided.
If you’re on a paid plan that doesn’t fit your needs, you can downgrade to a lower tier. You will keep your current features and limits until the next billing cycle. The next bill will reflect your changes.
Prices in different currencies are shown for informational purposes and updated infrequently. Our services are priced and billed in Euro (EUR, €).
Yes. Bytesafe is GDPR compliant and maintains high information security standards in order to keep customer data secure and process and store personal data in compliance with applicable data protection regulations. For further information please see our Privacy Policy.
The European Union (EU) General Data Protection Regulation (GDPR) is a data privacy law that applies to any company, such as Bytesafe (Bitfront AB), that processes data of EU residents, regardless of the company’s business location. Broadly, the GDPR requires that: Data of EU residents considered “personal” must be protected and processed only as permitted; Access to this data is controlled and restricted; Contracts with third party processors must contain certain specific terms regarding their processing of the data; EU residents have numerous rights with respect to their personal data, including the right to restrict processing and to know the personal data a company holds on them; and Specific guidelines for data security incident notifications are followed.
Bytesafe (Bitfront AB) acts as a data controller when processing personal data of its customers, and as data processor to the extent Bytesafe (Bitfront AB) processes customer personal data in connection with providing the services.
Bytesafe (Bitfront AB) captures Personal Data of our end-users, i.e. those individuals with Bytesafe accounts. Specifically, we capture name, email address and other information received from Microsoft, GitHub, Google through our OAuth2 / SSO or SAML integrations.
If you are thinking about initiating security vulnerability scanning (or other supply chain security measures with Bytesafe) and are concerned about the lawfulness of processing personal data in this context, we recommend reviewing Recital 49 in the GDPR. Recital 49 suggests that the processing of personal data for the purposes of ensuring that your networks and information systems are secure and protected from malicious attacks constitutes a legitimate interest for you as a data controller.
We have collected some information regarding security within Bytesafe on our security page. Please feel free to contact us with any specific question on our Contact page.
A DPA will be applicable for customers within the EU and is available here, as well as a current list of Subprocessors. If you’d like us to sign a custom DPA, you can do that on an Enterprise plan. Reach out to our Sales team here.