Use rl-protect to integrate with Spectra Assure Community
rl-protect is a command-line tool designed for a shift-left approach to vulnerability and threat detection, with the goal of identifying risks in open source software (OSS) dependencies before they propagate downstream into production builds.
More specifically, rl-protect scans package manifest files and checks declared OSS dependencies for security risks by connecting to the Spectra Assure Community database of analyzed software packages from popular communities.
It is the fastest way to identify issues in software projects without having to perform full software package analysis.
Scan results and relevant software package metadata can be exported as a JSON report for auditing purposes and further analysis.
Users can also define their own dependency governance rules and store them in configuration profiles (called rl-profiles) that instruct rl-protect on what counts as a failure, which packages are always allowed or blocked, and which policies to override.
By integrating rl-protect into developer environments and workflows as a pre-build step, software producers can measurably reduce the cost and complexity of OSS risk remediation.
Dependencies can be evaluated and replaced before they're even installed, preventing vulnerable ones from becoming entrenched in the codebase.
Additionally, rl-protect can integrate with other products in the Spectra Assure platform as part of an end-to-end protection strategy.
Connecting rl-protect to a Spectra Assure Portal instance makes it possible to manage configuration profiles in a central place via the Portal API for improved consistency.
Findings from rl-protect scans can also be confirmed with a deeper analysis of software packages on the Portal by importing them from a URL or PURL.
rl-protect can be installed for free on Windows and Linux-based systems from any of the following sources.
To start using it, you need either a free Spectra Assure Community account or an enterprise account on a Spectra Assure Portal instance.
Learn how to work with rl-protect from the following guides: