Software supply chain security company Kusari Inc. today unveiled Kusari Inspector, an artificial intelligence-based pull request security tool that provides security risk analysis directly into developers’ daily workflows.

The new service brings together a combination of industry standards, AI and dependency graph analysis to assist organizations to detect software supply chain risks early during the pull request process and address them before code integration. A pull request process is a workflow in software development where changes to code are proposed, reviewed and approved before being merged into the main codebase.

Kusari Inspector finds security weaknesses and supply chain risks to maintain secure development throughout every stage.

In addition to core supply chain analysis, Kusari Inspector adds real-time pull-request inspection and clear “safe to merge” guidance. Using the tool, developers receive instant, annotated reports with inline explanations, plus step-by-step remediation instructions that flag exposed secrets, misconfigurations, risky licenses and typo-squatted dependencies.

Kusari Inspector prioritizes risk by ranking vulnerable or low-trust dependencies, both direct and transitive against trusted sources such as Common Vulnerability Scoring System, Exploit Prediction Scoring System and the Known Exploited Vulnerabilities catalog. The idea is that by filtering out non-exploitable issues, the tool cuts alert noise and keeps teams focused on the threats that matter most.

The AI model used by Kusari Inspector continuously learns from each codebase to refine its recommendations. Engineers can chat with the assistant to clarify findings, customize security standards and receive precise coding fixes that accelerate approvals.

To round out its protections, Kusari Inspector also automatically generates and aggregates Software Bill of Materials data for every connected repository. The unified visibility helps organizations enforce policies, maintain compliance and keep software supply chains resilient from commit to deployment.

“Installing Kusari Inspector in your code repository takes just a few minutes and then your vulnerabilities, risks and license issues are immediately detected and flagged within your pull requests,” explains Michael Lieberman, co-founder and chief technology officer at Kusari. “This empowers developers to address security concerns early – eliminating the need for lengthy and iterative security reviews. With Kusari Inspector, a simple three-minute fix can prevent weeks of delay and frustration, allowing developers to stay focused on building great software.”

Kusari is a venture capital-funded startup that has raised $8.08 million over two rounds, including a round of $8 million in January 2024. Investors in the company include J2 Ventures Management, Glasswing Ventures LP and Unusual Ventures Management.

Image: SiliconANGLE/Reve