As development pipelines grow more complex, attackers continue to exploit open-source ecosystems and CI/CD automation to inject malicious code where it’s hardest to detect. Teams need a way to verify every software component before it moves deeper into the software development lifecycle (SDLC) without slowing developers down.
To help organizations strengthen their pipeline defenses, OPSWAT is introducing the MetaDefender Software Supply Chain Plugin for TeamCity. This integration incorporates automated threat detection, secrets analysis, and dependency risk visibility directly into your TeamCity build process, ensuring that every build is scanned and verified for safety.
Third-Party and Supply Chain Risks Are Accelerating
Modern development pipelines rely heavily on third-party packages, open-source ecosystems, APIs, and distributed microservices. This shift has unlocked enormous speed and innovation, but it has also expanded the attack surface in ways that traditional security tools were never designed to handle.
Applications are assembled from thousands of external components, container images, cloud services, and OSS libraries. In fact, most organizations now use open-source dependencies in more than 90% of their applications. But with this reliance comes real risk:
- Unverified third-party packages can introduce malware.
- Outdated or vulnerable OSS can create gaps for silent exploitation.
- Complex dependency chains make it difficult to know what’s actually running in production.
- CI/CD automation accelerates development, but can also accelerate the spread of compromise if left unchecked.
How It Works
Integrate the plugin into TeamCity in minutes:


Simple to Operate and Maintain
TeamCity automatically replaces previous versions of the plugin. You can roll back or remove the plugin from the Administration interface at any time.
Whether you manage a few microservices or hundreds of repositories, the MetaDefender Software Supply Chain TeamCity plugin provides a scalable foundation for securing your software supply chain.
Benefits
Malware Detection and Prevention
Scans your builds for malicious artifacts early in the SDLC and catches compromised packages from sources like npm, PyPI, or Maven before they make their way into production.
Secret Leak Prevention
Identifies hardcoded API keys, passwords, tokens, and other sensitive data before they’re accidentally pushed further down the pipeline.
Dependency and Open-Source Risk Insight
Highlights outdated, unverified, or risky dependencies, including transitive ones that are usually easy to overlook.
Software Visibility and Transparency
Generates SBOM reports in standardized formats (CycloneDX, SPDX) for every build, giving your team visibility into all components.
