Kusari Makes Merges Secure & Simple with Clear Go/No-Go Guidance, Step-by-Step Fixes

RIDGEFIELD, Conn.: Kusari, a leading innovator in software supply chain security, today unveiled Kusari Inspector, an artificial intelligence (AI)-based pull request security tool that brings cutting-edge security risk analysis directly into developers’ daily workflows.

In Kusari Inspector, Kusari has brought together a powerful combination of industry standards, AI, and dependency graph analysis, to help organizations detect software supply chain risks early during the pull request process, and address them before code integration. The tool finds security weaknesses and supply chain risks in order to maintain secure development throughout every stage.

“Kusari Inspector puts robust security insights right where developers need them: in their pull requests. The recommendations come from Kusari’s analysis of the full dependency graph, including security practices and code provenance, so the result is always actionable — there’s no worry about ‘AI slop.’ By catching vulnerabilities and risky dependencies early, teams can move faster and ship more secure code,” said Tim Miller, CEO and Co-Founder at Kusari.

In addition to core supply chain analysis, Kusari Inspector introduces advanced safeguards and interactive features to further empower developer security.

Key Features & Benefits

• Pull Request Inspection & Analysis: Receive instant, context-rich, annotated security reports with inline explanations on every new or updated pull request, saving time and reducing back-and-forth with security teams.
• Safe to Merge: Clear go/no-go guidance, remediation suggestions, and step-by-step instructions to mitigate risks. Flags exposed credentials, sensitive secrets, workflow misconfigurations; blocks typosquatted or maliciously named dependencies and prohibited licenses; enforces rules and policies across the organization.
• Prioritized Risk Assessments & Reduced Alert Noise: Identify and rank risky, low-trust, or vulnerable dependencies—direct and transitive—based on industry trusted data sources (CVSS, EPSS, Known Exploited Vulnerabilities) early in development and reduce noise by accounting for unexploitable vulnerabilities.
• Adaptive AI Model with Interactive Guidance: Delivers precise safe to merge guidance through deep code analysis, continuously learning from your codebase and preferences. Developers can chat with AI to clarify findings, customize recommendations, and set security standards.
• Automated SBOM Generation: Automatically generate and collect source SBOM data for all connected projects and repositories.

“Installing Kusari Inspector in your code repository takes just a few minutes, and then your vulnerabilities, risks, and license issues are immediately detected and flagged within your pull requests. This empowers developers to address security concerns early—eliminating the need for lengthy and iterative security reviews. With Kusari Inspector, a simple three-minute fix can prevent weeks of delay and frustration, allowing developers to stay focused on building great software,” shared Michael Lieberman, CTO and Co-Founder at Kusari.

Kusari Inspector is now available for GitHub repositories free for 30 days and $10 per seat per month subscription. To learn more, visit: https://www.kusari.dev/inspector

Attend the webinar, The New Frontline in DevSecOps: Security at the Pull Request, on July 16, 2025, for a live demo and insights on how to get started with Kusari Inspector. Register here.

About Kusari

Kusari delivers end-to-end software supply chain security, helping organizations gain real-time visibility into dependencies, vulnerabilities, and license risks across both proprietary and open source code. With a unified, actionable view of software supply chain risks, teams can pinpoint issues, prioritize fixes and stay compliant—all with automated, developer-friendly workflows.

Kusari was founded in 2022 by three cybersecurity experts with decades of experience building secure software in regulated industries. We help you figure out what’s in your software, where the issues are, and how to tackle them. Backed by J2 Ventures, Glasswing Ventures, and Unusual Ventures, Kusari champions open source security–leading efforts in industry associations and maintaining key projects like OpenSSF’s GUAC and Open Source Project Security Baseline.

To learn more, visit www.kusari.dev.

Fonte: Business Wire