Skip to main content

RapidFort and ReversingLabs Launch Industry’s First Independently Validated Open-Source Dependency Libraries Delivering Safe Package Catalogs

ⓘ This article is third-party content and does not represent the views of this site. We make no guarantees regarding its accuracy or completeness.

Partnership Verifies Packages are Free of Tampering, Malware and Vulnerabilities Across all Operating Systems, Frameworks and Application Stacks with no Proprietary Package Manager Migration Needed

RapidFort, the leader in Software Supply Chain Security with the largest distribution of curated truly open-source software, and ReversingLabs (RL), the trusted name in file and software security, today announced a strategic partnership to deliver RapidFort Open-Source Dependency Libraries—the industry’s first and only open-source package catalog to combine RapidFort’s proven curation and hardening process with independent third-party validation powered by ReversingLabs’ Spectra Assure® platform.

RapidFort is the only vendor whose open-source library catalog is independently validated by a separate, named third-party security company—ReversingLabs—using enterprise-grade deep-binary malware detection. As a result of this partnership, every package in the catalog passes through RapidFort’s rigorous multi-stage hardening pipeline and is independently assessed by ReversingLabs to be free of tampering, malware, and known vulnerabilities before it reaches developers’ environments.

“ReversingLabs was built on the conviction that software security requires deep binary intelligence,” said ReversingLabs Founder and CEO Mario Vuksan. “Malicious actors are increasingly compromising open-source components, embedding threats deep within the layers of container images that traditional tooling cannot reach. By bringing Spectra Assure’s independent malware analysis to every package in the RapidFort library catalog, together we give enterprises access to open-source dependencies that are both rigorously hardened and independently assessed clean before they ever enter a build pipeline.”

Unlike competing approaches that require migration to proprietary package managers, custom operating system distributions, or vendor-specific toolchains, RapidFort Libraries work with any OS, any framework, and any application package manager through standard pip, Maven, npm, and OS package interfaces teams already use today. For customers, this means reducing time to compliance by three to six months without the migration and lock-in of proprietary package managers, without single-source liability, and without the friction that slows security and development teams down. RapidFort Libraries are a drop-in replacement—no migration, no disruption, no compromise. Existing vendor responses to the open-source supply chain crisis address only parts of this problem, but each imposes new constraints: proprietary OS distributions requiring platform migration, single-ecosystem library coverage, or build-from-source approaches with no independent integrity verification. No vendor prior to today has subjected every library in their catalog to named, independent third-party malware validation.

RapidFort Curation and Hardening Combined with ReversingLabs Validation

The RapidFort–ReversingLabs partnership brings together two complementary capabilities into a single, end-to-end security pipeline. RapidFort contributes its proven attack surface reduction and source-verified hardening process, which has helped enterprise customers eliminate up to 99.9% of CVEs from container images. ReversingLabs adds Spectra Assure, the industry’s leading deep-binary analysis platform for software supply chain security, bringing enterprise-scale malware detection, tampering identification, and independent onboarding governance to every package RapidFort releases.

“ReversingLabs is the gold standard for binary malware analysis,” said Mehran Farimani, CEO with RapidFort. “By embedding Spectra Assure analysis into our library release pipeline as an independent validation gate, we’ve created something the industry has been missing—a library catalog where the security claim is made by a separate company with its own reputation on the line. That’s a fundamentally different level of trust.”

ReversingLabs’ Spectra Assure performs deep binary analysis that goes far beyond signature-based scanning. As a result of this partnership, for public open-source repositories organizations now receive:

  • Deep malware detection: Binary-level analysis identifies obfuscated malware, hidden backdoors, and malicious payloads that evade traditional signature-based scanners—including novel threats with no prior CVE assignment.
  • Tampering verification: Cryptographic and structural analysis helps identify evidence of unauthorized modification, repackaging, or tampering within delivered software artifacts.
  • Threat intelligence correlation: Packages are checked against ReversingLabs’ authoritative Spectra Intelligence dataset covering billions of files and decades of malware research, providing context that no internal scan can replicate.
  • Differential version analysis: Spectra Assure compares a new package version against previous versions to identify newly introduced malware, tampering, risky behaviors, and unexpected changes in a new package update.
  • Policy-driven release gates: Packages that fail ReversingLabs’ security policies are blocked from the RapidFort catalog until risks are remediated, providing a preventative rather than reactive security control.
  • Evidence-backed audit trail: Every package release includes a ReversingLabs-generated security report, giving customers, their auditors, and regulators independently produced documentation of each artifact’s integrity status.

Availability

RapidFort Open-Source Dependency Libraries validated by ReversingLabs Spectra Assure are available today in general availability for Python and Java ecosystems, with JavaScript entering closed beta. OS package coverage for Red Hat, Ubuntu, Debian, and Alpine is available now. Additional language runtimes and application package catalogs are on an accelerated roadmap.

Existing RapidFort customers can enable library coverage immediately through the platform console or by contacting their account team. New customers can learn more and request access at rapidfort.com/libraries. Learn more about ReversingLabs Spectra Assure at https://www.reversinglabs.com/products/spectra-assure.

About ReversingLabs

ReversingLabs is the trusted name in file and software security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, RL Spectra Core powers the software supply chain and file security insights, tracking over 422 billion searchable files with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers. For more information, visit www.reversinglabs.com.

About RapidFort

RapidFort leads the Software Supply Chain Security market with the largest distribution of curated, genuinely open-source software. Its platform enables organizations to eliminate risk at scale through hardened near-zero CVE container images, runtime profiling, attack surface management, and the industry's first independently malware-scanned open-source images – cutting CVE exposure by up to 99.9% without code changes or platform migration. RapidFort is recognized in the inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security, named a Gartner® Cool Vendor™, and honored as a Nutanix .Next Partner of the Year. The company is backed by Blue Cloud Ventures and Forgepoint Capital and headquartered in Sunnyvale, Calif. Visit www.RapidFort.com.

RapidFort, RAPIDFORT, and RBOM are registered trademarks of RapidFort, Inc. All other marks and names mentioned herein may be trademarks of their respective companies.

Strategic partnership creates industry’s first and only open-source package catalog to combine RapidFort’s proven curation and hardening process with independent third-party validation powered by ReversingLabs’ Spectra Assure® platform.

Contacts

Report this content

If you believe this article contains misleading, harmful, or spam content, please let us know.

Report this article

Recent Quotes

View More
Symbol Price Change (%)
AMZN  245.84
+1.69 (0.69%)
AAPL  313.69
+1.03 (0.33%)
AMD  522.72
-29.33 (-5.31%)
BAC  60.12
+0.22 (0.37%)
GOOG  366.27
+1.37 (0.38%)
META  608.80
+8.51 (1.42%)
MSFT  394.19
+7.45 (1.93%)
NVDA  197.47
+1.92 (0.98%)
ORCL  140.47
-3.28 (-2.29%)
TSLA  408.72
-11.05 (-2.63%)
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the Privacy Policy and Terms Of Service.