Hunted Labs Solutions for the Public Sector

What is Entercept?

Entercept is an Application Security Posture Management (ASPM) tool focused on software supply chain security. It primarily deals with pre-runtime security, helping organizations gain deeper visibility into the open-source components they use.

  • Key Features and Benefits
    • Different from Traditional SCA Tools: Unlike standard Software Composition Analysis (SCA) tools, Entercept does not just match CVEs—it analyzes open-source software's actual contributors and governance.
    • Bridges a Security Gap: It helps organizations understand who is behind their code, an often overlooked aspect of software supply chain security.
    • Critical for Nation-State Threat Detection: By identifying potential Advanced Persistent Threats (APTs) at the source code level, Entercept provides an extra layer of defense against supply chain attacks. It also addresses a new category of emerging threats: external insider threats.
    • API-First Approach: The platform is designed for automation and integration into CI/CD pipelines.
  • Core Features & Capabilities

    SBOM (Software Bill of Materials) Generation, Import & Analysis

    • Entercept allows users to generate or import SBOMs to analyze dependencies and security risks.
    • It supports API-based ingestion, making it useful for integration into existing security workflows.

    Dependency Analysis & Blast Radius

    • The platform visualizes software dependencies through a dependency tree.
    • It helps organizations understand the blast radius of a vulnerable or compromised package within their environment.
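    The two capabilities above, SBOM ingestion and blast-radius analysis, can be illustrated with a small worked example. The code below is an added illustration, not Entercept's own code: it parses a constructed CycloneDX-style SBOM (the `dependencies` array with `ref`/`dependsOn` entries is the real CycloneDX shape; the package names and versions are made up for this example), builds a reverse dependency graph, and walks it breadth-first to list every component that transitively includes a compromised package, along with how many hops away each one sits and which top-level artifacts are ultimately affected.

```python
"""Blast-radius computation over an SBOM dependency graph.

Added illustration (not Entercept code). Given a CycloneDX-style SBOM with a
"dependencies" array, find every component that transitively depends on a
compromised package. The SBOM below is constructed for this example; the
package names and versions are invented.
"""
import json
from collections import defaultdict, deque

# Constructed sample SBOM. `string-utils` is the package we will treat as compromised.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:npm/webapp@1.0.0", "name": "webapp"},
        {"bom-ref": "pkg:npm/api-client@2.1.0", "name": "api-client"},
        {"bom-ref": "pkg:npm/http-lib@3.0.0", "name": "http-lib"},
        {"bom-ref": "pkg:npm/string-utils@0.9.0", "name": "string-utils"},
        {"bom-ref": "pkg:npm/logger@1.2.0", "name": "logger"},
        {"bom-ref": "pkg:npm/unrelated@1.0.0", "name": "unrelated"},
    ],
    "dependencies": [
        {"ref": "pkg:npm/webapp@1.0.0",
         "dependsOn": ["pkg:npm/api-client@2.1.0", "pkg:npm/logger@1.2.0"]},
        {"ref": "pkg:npm/api-client@2.1.0", "dependsOn": ["pkg:npm/http-lib@3.0.0"]},
        {"ref": "pkg:npm/http-lib@3.0.0", "dependsOn": ["pkg:npm/string-utils@0.9.0"]},
        {"ref": "pkg:npm/logger@1.2.0", "dependsOn": ["pkg:npm/string-utils@0.9.0"]},
        {"ref": "pkg:npm/string-utils@0.9.0", "dependsOn": []},
        {"ref": "pkg:npm/unrelated@1.0.0", "dependsOn": []},
    ],
})


def load_reverse_graph(sbom_json):
    """Parse a CycloneDX SBOM and map each ref -> set of refs that directly depend on it.

    A dependency edge pointing at a ref that is not declared in `components`
    is rejected: a dangling reference means the SBOM is incomplete and any
    blast radius computed from it would be an undercount.
    """
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    known = {c["bom-ref"] for c in sbom.get("components", [])}
    reverse = defaultdict(set)
    for entry in sbom.get("dependencies", []):
        if entry["ref"] not in known:
            raise ValueError(f"dependency entry for undeclared component {entry['ref']}")
        for dep in entry.get("dependsOn", []):
            if dep not in known:
                raise ValueError(f"dangling dependency reference {dep}")
            reverse[dep].add(entry["ref"])
    return reverse


def blast_radius(reverse, compromised):
    """Breadth-first search over reverse edges.

    Returns {dependent_ref: hops} for every component that transitively
    includes `compromised`; hops == 1 marks a direct dependent.
    """
    hops = {}
    queue = deque([(compromised, 0)])
    while queue:
        ref, depth = queue.popleft()
        for parent in reverse.get(ref, ()):
            if parent not in hops:
                hops[parent] = depth + 1
                queue.append((parent, depth + 1))
    return hops


def affected_roots(reverse, hops):
    """Affected components that nothing else depends on: the deployable artifacts."""
    return {ref for ref in hops if not reverse.get(ref)}


if __name__ == "__main__":
    graph = load_reverse_graph(SAMPLE_SBOM)
    radius = blast_radius(graph, "pkg:npm/string-utils@0.9.0")
    for ref, depth in sorted(radius.items(), key=lambda kv: (kv[1], kv[0])):
        print(f"{depth} hop(s): {ref}")
    print("top-level artifacts affected:", sorted(affected_roots(graph, radius)))
```

    The reverse graph is the key design choice: a plain dependency tree answers "what does X pull in", whereas the blast radius question is the inverse, "who pulls X in", so the edges are stored pointing upward and the search fans out from the compromised package toward the applications that ship it. Note that `unrelated` never appears in the result, and that `webapp` is reported at two hops even though two distinct paths (via `logger` and via `api-client`/`http-lib`) lead to it.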

    Open Source Optics (OSO) – Contributor & Threat Attribution

    • One of Entercept’s unique features is its ability to track open-source maintainers and their affiliations.
    • It pulls contributor data from repositories (e.g., GitHub) and flags contributors based on location, employer, and activity.
    • Example: If a package maintainer is located in a sanctioned country (e.g., Russia, China), the platform flags it as a potential supply chain risk.

    Threat Intelligence & Risk Assessment

    • Entercept goes beyond traditional Software Composition Analysis (SCA) by identifying risk factors such as:
      • Unmaintained dependencies (stale projects with inactive maintainers).
      • Projects with weak security governance (e.g., no code reviews or branch protection).
      • Packages controlled by groups in adversarial nations.

    Automated Alternative Recommendations

    • Entercept suggests alternative open-source libraries that provide similar functionality when a risky package is identified.

    Continuous Monitoring & Alerting

    • It tracks software packages over time and alerts users if an update introduces a new risk or threat actor.