Unleash Your Inner Hero and Conquer Open-Source Software Risks with Bulletproof Trust Hercules

Everything we feel about our latest product release, Bulletproof Trust Hercules, can be summed up in this GIF...

Yeah, we're that excited.

And for good reason. Bulletproof Trust is powering boldly into the new year with tremendous new features, giving our customers legendary Greek hero-like confidence when it comes to open-source security.

Check out this constellation of new features:

Heroes Take Action... Now You Can Too

Heroes don't just complain about problems; they take action. In this latest update, you can too. The Actions Engine in Bulletproof Trust Hercules turns alerts into possibilities.

If Bulletproof Trust finds an action you can take to reduce the risk score in your project, just click the Action Button to find out how.

Bulletproof Trust now automatically calculates possible actions you can take to mitigate risks -- upgrading or downgrading a package, using a different dependency, etc. If Hercules finds a way to reduce your risk score, just click the Action button to find out how, then take action!

Bulletproof Trust will show you every action you can take that will reduce your project's risk score. Oh, and see that "What If Scenario" button? Click that to simulate the action before taking it!

Imagine the Possibilities with "What If?" Scenarios

Heroes don't make changes blindly; they envision the outcome first. That's exactly what "What If?" scenarios in Bulletproof Trust Hercules empower you to do.

With "What If?" scenarios, you can simulate changes, like swapping packages, and visualize the impact on your risk score, vulnerabilities, and contributor data before changing anything.

Dive deep into the details, assess the outcomes, and take action with confidence.

Unmasking Impostors: Typosquatting Detection

Heroes know that even the smallest details can hide the biggest dangers. That's why Hercules introduces Typosquatting Detection, a powerful feature designed to unmask packages attempting to masquerade through subtle misspellings or namespace confusion.

Whether it's a letter swap or a cleverly disguised namespace, this detection engine keeps you one step ahead. Available as an alert key in the model configuration and API, it empowers you to spot these threats early.


Typosquatting detection is available through the API in Hercules. In an upcoming release, the typosquatting indicator will be visible directly in the package status banner, making it even easier to act decisively (this visualization may change).

Raising the Bar: OpenSSF Scorecard Integration

Heroes don't leave anything to chance, and now neither do you. With Hercules, Bulletproof Trust integrates the OpenSSF Scorecard into its dataset, giving you a clearer picture of your package's security posture. The Scorecard's aggregate score is available as an alert condition and through the API, letting you pinpoint risks faster than ever.


Right now, the OpenSSF Scorecard is available through the API. Soon, the OpenSSF Scorecard will take center stage in the UI status banner, bringing vital security insights directly to your fingertips (visualization may change).

Shining a Light on Contributors with Annotations

Heroes never overlook the people behind the code. With Hercules, Bulletproof Trust goes further by expanding contributor data annotations. Now, you can track not only a contributor’s behavior within a package—like maintainership or dependency changes—but also their activity across the index. Whether it’s contributions from known corporate accounts (e.g., Intel or Microsoft), bot accounts like Dependabot, or risky markers like fake or disposable email identities, Contributor Annotations shine a light on the contributors shaping your ecosystem. Stay informed, stay vigilant, and keep your code secure.

Adapting to Every Challenge: SPDX Format Support

Heroes need tools that adapt to every challenge. That's why Hercules expands Bulletproof Trust to support SPDX ISO Standard SBOMs alongside CycloneDX formats. Whether it's JSON, XML, or YAML, this update boosts compatibility and flexibility, ensuring your workflows remain seamless and your risk analysis is more versatile than ever.
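Supporting both SBOM standards means reducing them to one component list before any risk analysis runs. The following Python example is an added illustration, not Bulletproof Trust's importer: it detects whether a document is SPDX JSON, CycloneDX JSON or CycloneDX XML and normalizes each to name, version and package URL. The three sample documents are constructed; the field names used (SPDX `packages`, `versionInfo`, `externalRefs`; CycloneDX `components`, `group`, `purl`) follow the public specifications. YAML input, which the release also mentions, is left out because parsing it needs a third-party library.

```python
"""Normalize SPDX JSON, CycloneDX JSON and CycloneDX XML SBOMs to one list.

Added illustration, not Bulletproof Trust's importer. The three documents below
are constructed minimal samples; the field names follow the public SPDX 2.x and
CycloneDX 1.5 specifications.
"""
import json
import xml.etree.ElementTree as ET

# Constructed sample: SPDX 2.3 JSON with one package carrying a purl and one without.
SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "sample-app",
    "packages": [
        {"name": "requests", "versionInfo": "2.31.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/requests@2.31.0"}]},
        {"name": "urllib3", "versionInfo": "2.2.1", "externalRefs": []},
    ],
})

# Constructed sample: CycloneDX 1.5 JSON.
CYCLONEDX_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
    ],
})

# Constructed sample: CycloneDX 1.5 XML with a scoped npm package (group + name).
CYCLONEDX_XML = """<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1">
  <components>
    <component type="library">
      <group>@babel</group>
      <name>core</name>
      <version>7.24.0</version>
      <purl>pkg:npm/%40babel/core@7.24.0</purl>
    </component>
  </components>
</bom>"""


def _full_name(group, name):
    """CycloneDX keeps npm scopes in 'group'; rejoin them as '@scope/name'."""
    return f"{group}/{name}" if group else name


def load_sbom(text: str):
    """Return [{'name', 'version', 'purl'}, ...] for any supported SBOM text.

    Raises ValueError when the document is not a recognized SBOM, so a
    mislabeled or truncated file fails loudly instead of yielding an empty list.
    """
    if text.lstrip().startswith("<"):
        root = ET.fromstring(text)
        # Honour the XML namespace declared on the root element, if any.
        ns_uri = root.tag[1:root.tag.index("}")] if root.tag.startswith("{") else ""
        q = (lambda tag: f"{{{ns_uri}}}{tag}") if ns_uri else (lambda tag: tag)
        if root.tag != q("bom"):
            raise ValueError(f"unsupported XML SBOM root element: {root.tag}")
        return [
            {"name": _full_name(c.findtext(q("group")), c.findtext(q("name"))),
             "version": c.findtext(q("version")),
             "purl": c.findtext(q("purl"))}
            for c in root.iter(q("component"))
        ]

    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        return [
            {"name": _full_name(c.get("group"), c["name"]),
             "version": c.get("version"),
             "purl": c.get("purl")}
            for c in doc.get("components", [])
        ]
    if "spdxVersion" in doc:
        out = []
        for p in doc.get("packages", []):
            # SPDX carries the purl as an external reference rather than a field.
            purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), None)
            out.append({"name": p["name"], "version": p.get("versionInfo"), "purl": purl})
        return out
    raise ValueError("unrecognized SBOM document")


if __name__ == "__main__":
    for label, text in [("SPDX JSON", SPDX_JSON), ("CycloneDX JSON", CYCLONEDX_JSON),
                        ("CycloneDX XML", CYCLONEDX_XML)]:
        print(label, "->", load_sbom(text))
```

Once every input lands in this shape, the checks described elsewhere in the release (typosquat screening, Scorecard thresholds, contributor lookups) can run over one list regardless of which tool produced the SBOM; note that SPDX packages without a `purl` external reference come back with `purl` set to `None`, which is itself worth flagging since the package cannot be resolved unambiguously.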

Digging Deeper: Smarter Source Discovery

Heroes don't stop at the surface; they dig deeper to uncover the truth. Bulletproof Trust Hercules now supercharges source discovery, ensuring every package is tied to its real, reachable origins.

Many ecosystems fall short in validating source information, leaving gaps for risk. Hercules bridges that gap, identifying sources that have moved, gone defunct, or were never accurate in the first place. By integrating human intelligence with known providers, vendors, and hosting locations, this update enhances source validation universally across ecosystems. Now, you can trust your source URLs with confidence, knowing no stone has been left unturned.

Wrapping Up: Step into 2025 with the Confidence of a Legendary Hero

Bulletproof Trust Hercules empowers you to take control of your open-source security like never before. From smarter source discovery to actionable alerts, every feature is designed to give you confidence and peace of mind.

TL;DR: What’s New in Bulletproof Trust:

  • Actions Engine: Turn alerts into actionable insights with clear recommendations to reduce your risk.
  • What If Scenarios: Simulate changes before committing, ensuring you make informed decisions.
  • Typosquatting Detection: Spot impostors with advanced detection for subtle threats like namespace confusion.
  • Contributor Annotations: Gain visibility into contributor activity and potential risks across the ecosystem.
  • SPDX Format Support: Enhanced compatibility with SPDX ISO Standard SBOMs, including JSON, XML, and YAML.
  • OpenSSF Scorecard Integration: Access aggregate security scores for packages, now and soon in the UI.
  • Smarter Source Discovery: Validate package origins with human intelligence and universal enhancements.

Start your heroic journey with Bulletproof Trust Hercules today and make 2025 the year you take your open-source software security to legendary heights.


About Dark Sky Technology:

Dark Sky Technology is securing the world of software that powers our nations' most critical systems, devices, and applications by identifying malicious threats, untrustworthy contributors, risky code, and cyber attacks in open-source software. Our advanced analytics on open-source packages and their contributors protects the software supply chain and enables our customers to deploy secure, reliable, trusted software with confidence.

Our platform, Bulletproof Trust, is a scalable software assurance and intelligence tool that measures the trustworthiness of open-source packages AND contributors. It scours various sources of online intelligence (OSINT) to analyze the health and status of an open-source package and to identify malicious, criminal, or sanctioned contributors to it. Furthermore, it helps customers meet the CISA Secure Software Development Attestation Form and NIST 800-161r1 requirements through software bill of materials (SBOM) generation and management.

Finally. Trust in Open Source.

Learn more at www.darkskytechnology.com.

Michael Mehlberg

CEO | Helping software and systems integrators deploy secure, reliable, trusted software with confidence.

2 months

A very exciting release and great way to kick off the new year!