MetaDefender Software Supply Chain TeamCity Plugin
Software development and DevOps teams can automate threat detection across their software supply chain. OPSWAT MetaDefender Software Supply Chain for TeamCity plugin checks each build for malicious packages, exposed secrets, unverified dependencies, and other risks before they move further down the pipeline.
This plugin allows you to trigger repository scans as part of your CI/CD pipeline. When a user chooses to run a build, the plugin automatically connects to MetaDefender Software Supply Chain, launches an on-demand scan for the current repository and branch, and stops the build from running if findings exceed the policy you set.
Core Benefits
Malware Detection and Prevention
Scans your builds for malicious artifacts early in the SDLC and helps catch compromised packages from sources like npm, PyPI, or Maven before they make their way into production.
Secret Leaks Prevention
Identifies hardcoded API keys, passwords, tokens, and other sensitive data so they don’t accidentally get pushed further down the pipeline.
Dependency and Open-Source Risk Insights
Highlights outdated, unverified, or risky dependencies, including transitive ones that are usually easy to overlook.
Software Visibility and Transparency
Generates SBOM reports in standardized formats (CycloneDX, SPDX) for every build, giving your team visibility into all components.
Instructions For Integrating MetaDefender Software Supply Chain TeamCity Plugin
Install the plugin in TeamCity.
Add MetaDefender Software Supply Chain build configurations.
Start a scan to detect malware and vulnerabilities.
Step 1: Plugin InstallationInstall the plugin in TeamCity.
- Step 2: Add Build Setup
Add MetaDefender Software Supply Chain build configurations.
- Step 3: Repository Scan
Start a scan to detect malware and vulnerabilities.
