depthfirst immediately scans every new package release, reasons about its intent, and verifies its behavior to provide higher recall and precision on malware detection.
Dependency Firewall
Block malware by inspecting every package before it reaches any system or user in your company, including developers and the local or cloud AI agents operated across every team.
One firewall for every install in your company
Dependency Firewall blocks malware from reaching your developers and the AI agents your teams use, like Codex, Claude, and Antigravity, whether they run locally or in the cloud.
Catch malware before it’s installed
depthfirst analyzes every newly published package the moment it lands on a public registry, so a malicious package is blocked before it can be installed.
Enforce custom policies
Define what your company will accept, from package attributes to license terms, and Dependency Firewall enforces it on every install.
- Deploy Dependency Firewall upstream of your private registry or artifact repo, so every package is inspected before it enters your trusted store.
- Dependency Firewall sits between every endpoint and the public registries they pull from, so installs that bypass your artifact repo are protected too, as are companies that do not have one.
We recently had an incident where an internal vibecoded app inadvertently pulled in a malicious package that put our company at risk. depthfirst’s Dependency Firewall is a game changer as it enables us to safely leverage AI across the company.
Configurable guardrails
Define what your company will accept, from package attributes to license terms. Require a minimum package age, gate specific dependency trees, and enforce license policies across direct and transitive dependencies.
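The guardrails above (minimum package age, gated dependency subtrees, license policy over direct and transitive dependencies) are, at their core, a policy evaluated over the resolved dependency graph at install time. The following is an added illustration of that idea, not depthfirst's own code or configuration: a small policy engine that walks the transitive closure of an install's direct dependencies, attributes each finding to the direct dependency that introduced it, and also reports a dependency that is absent from the inspected index. The `Package`, `Policy`, `evaluate` and `check_install` names, the policy values and the registry index are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Package:
    """Metadata a firewall would hold for one inspected package version (constructed)."""
    name: str
    version: str
    license: str
    published: date
    deps: tuple = ()   # names of direct dependencies, each resolved to one version here


@dataclass(frozen=True)
class Policy:
    min_age_days: int            # reject versions younger than this many days
    allowed_licenses: frozenset  # applied to direct and transitive dependencies alike
    blocked_packages: frozenset  # gated subtrees: the package and everything it would pull in


def evaluate(direct_deps, index, policy, today):
    """Walk the transitive closure of direct_deps and return a sorted list of
    (package, rule, detail) violations. An empty list means the install may proceed."""
    violations = []
    seen = set()
    stack = [(name, (name,)) for name in direct_deps]
    while stack:
        name, path = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        via = " -> ".join(path)  # chain from the direct dependency that introduced this package
        if name in policy.blocked_packages:
            # Gate the whole subtree at its root: record once and do not descend.
            violations.append((name, "blocked_subtree", f"via {via}"))
            continue
        pkg = index.get(name)
        if pkg is None:
            # A dependency the inspected store has never seen is itself a finding.
            violations.append((name, "unresolvable", f"not in index via {via}"))
            continue
        age_days = (today - pkg.published).days
        if age_days < policy.min_age_days:
            violations.append((name, "min_age", f"{pkg.version} is {age_days}d old via {via}"))
        if pkg.license not in policy.allowed_licenses:
            violations.append((name, "license", f"{pkg.license} via {via}"))
        stack.extend((dep, path + (dep,)) for dep in pkg.deps)
    return sorted(violations)


# Constructed sample index for the example; none of these are real packages.
TODAY = date(2024, 6, 1)
INDEX = {
    "web-framework": Package("web-framework", "4.2.0", "MIT", date(2023, 1, 10), ("http-parser",)),
    "http-parser": Package("http-parser", "1.9.3", "Apache-2.0", date(2022, 6, 1),
                           ("tiny-utils", "telemetry-sdk")),
    "tiny-utils": Package("tiny-utils", "0.3.1", "GPL-3.0", date(2021, 3, 3)),
    "telemetry-sdk": Package("telemetry-sdk", "2.0.0", "MIT", date(2022, 9, 9), ("native-bindings",)),
    "left-padding": Package("left-padding", "1.0.1", "MIT", TODAY - timedelta(days=2)),
}
POLICY = Policy(min_age_days=14,
                allowed_licenses=frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"}),
                blocked_packages=frozenset({"telemetry-sdk"}))


def check_install(direct_deps, index=INDEX, policy=POLICY, today=TODAY):
    """Return (allowed, violations) for one install request."""
    found = evaluate(direct_deps, index, policy, today)
    return (not found, found)


if __name__ == "__main__":
    allowed, found = check_install(["web-framework", "left-padding"])
    print("ALLOW" if allowed else "BLOCK")
    for name, rule, detail in found:
        print(f"  {name}: {rule} ({detail})")
```

Two design points carry over to any real enforcement layer: the `via` chain is what makes a transitive finding actionable, because the developer can only act on the direct dependency that introduced it; and a dependency that cannot be resolved against the inspected index is reported as a violation rather than silently skipped, since an uninspected package is exactly what the firewall exists to prevent.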
Response workflows
Route verdicts into the systems your team already uses, with critical detections paging through your incident response system and quarantines opening review tickets automatically.
Full control for security teams
Your team can override a verdict in seconds, and every override is logged automatically.
Security without latency
Approved packages are cached automatically so future installs add no latency.
Code
Find real vulnerabilities by tracing business logic, data flows, and cross-service interactions across your codebase.
Supply Chain
Trace risk through your full dependency tree and surface only the vulnerabilities with a real execution path to them.
Secrets & Sensitive Data
Detect and validate credentials across your codebase, CI/CD pipelines, and runtime environments.
Agentic Pentesting
Confirm which vulnerabilities are exploitable by testing your running application with real attack paths.