Introducing Kusari Inspector: Immediate Security Insights in Pull Requests

Kusari Inspector: Security Insights Where You Need Them

Kusari Inspector is now generally available to provide immediate supply chain security insights in pull requests.

Parth Patel

June 17, 2025

Today, I’m proud to announce our latest offering: the Kusari Inspector, which provides AI-powered security analysis and go/no-go recommendations directly in pull requests. When we started showing an early version of this at KubeCon EU earlier this year, it was clear that we were solving a real problem that developers and DevOps teams face every day. Now Kusari Inspector is generally available for all GitHub users. Try it free for 30 days.

The problem: complex, opaque supply chains

Software supply chain security is complex. Applications have dozens of direct and transitive dependencies. It’s hard to keep track of everything. We built the Kusari Platform to help organizations track and get actionable insights from their complicated software supply chain. But what if we made those insights available to developers before the code ships?

It’s easier — and cheaper — to solve problems earlier in the process. The industry has been talking about “shifting left” for years — addressing issues earlier in the development cycle with local testing and other practices. We prefer to say “extend left”: supply chain security does not become the sole responsibility of the developer; it is a practice that spans the entire software development lifecycle. With Kusari Inspector, we’re extending left, bringing the insights of the Kusari Platform into the development workflow. Now developers can understand supply chain security risks before they even merge the pull request.

There’s no time like now to tackle this problem. Supply chain attacks are up 156% year-over-year. But with 80% of the average application’s code coming from open source dependencies, companies have limited control over what goes into their software. Meanwhile, scrutiny is mounting, both from regulations like Europe’s Cyber Resilience Act and requirements from enterprise customers.

How Kusari Inspector works

When a developer opens a pull request, Kusari Inspector examines the changed files to uncover security concerns. It analyzes the full dependency graph, including transitive dependencies, to give developers the full picture. Kusari Inspector automatically calls out to state-of-the-art, established security tools (based on the language) to uncover vulnerabilities, credentials and other secrets, insecure GitHub workflows, dependencies with a poor security posture, common code weaknesses, typosquatted and other malicious dependencies, and more.

With in-depth analysis via the full dependency graph and AI, the Kusari Inspector provides a go/no-go recommendation, along with specific guidance for addressing issues. These recommendations appear as a comment on the pull request, so developers have the information they need where they already are. Developers can interact with the model to ask questions or provide feedback.

Kusari Inspector works with the Kusari Platform or as a standalone product. It provides analysis for many of the most popular language ecosystems — including Rust (Cargo), Go, Node.js (NPM), Python (PyPI), Ruby (RubyGems), and more.

Try Kusari Inspector

If you’re ready to get software supply chain security that comes to you and has your back, install the GitHub application on your repositories. You can use it for free for 30 days.

Want to learn more? Check out the product page for more details and links, and be sure to register for our upcoming webinar, “The New Frontline in DevSecOps: Security at the Pull Request,” on July 16, 2025, for a live demo and insights on how to get started with Kusari Inspector.
