Supply chain security for your website.
Every third-party script, CDN dependency, and npm package your site loads is a potential attack vector. Kuality audits all of them — flagging vulnerable versions, suspicious origins, and license risks before they reach production.
What gets audited
Kuality renders your site in a real browser and audits everything it loads — no config files, no package.json required.
JavaScript Packages
Detects npm packages loaded via CDN or bundled into your JS, checks each against the NVD CVE database.
External Scripts
Flags scripts loaded from third-party origins — tracking pixels, chat widgets, analytics — and checks for known malicious hashes.
License Risk
Identifies GPL, AGPL, and proprietary licenses in your dependency tree that could create legal exposure.
Outdated Versions
Surfaces packages running behind the latest stable release, prioritized by severity of changes since your version.
Integrity Checks
Verifies Subresource Integrity (SRI) hashes for CDN assets and flags scripts without integrity attributes.
Risk Score
Aggregates findings into a 0–100 supply chain quality score you can gate CI/CD deployments on.
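The Integrity Checks item above, as an added example (not Kuality's code or API): a Python sketch that flags third-party scripts with no SRI hash and re-computes the hash for those that have one. Host names, page markup and response bodies are constructed, and the `audit` and `sri_hash` helpers are hypothetical names.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

STRENGTH = ["sha256", "sha384", "sha512"]  # weakest to strongest, per the SRI spec

def sri_hash(body: bytes, alg: str = "sha384") -> str:
    """Return the integrity value "<alg>-<base64 digest>" for a resource body."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script> that has a src attribute."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))

def audit(html: str, page_url: str, served: dict) -> dict:
    """Map each third-party script URL to a finding; `served` maps URL -> body bytes."""
    collector = ScriptCollector()
    collector.feed(html)
    page = urlparse(page_url)
    findings = {}
    for src, integrity in collector.scripts:
        url = urljoin(page_url, src)
        target = urlparse(url)
        if (target.scheme, target.netloc) == (page.scheme, page.netloc):
            continue  # same-origin script: out of scope for this check
        tokens = [t.split("?")[0] for t in (integrity or "").split() if t.split("-")[0] in STRENGTH]
        if not tokens:
            findings[url] = "missing-integrity"
            continue
        # Browsers enforce only the strongest algorithm listed in the attribute.
        best = max((t.split("-")[0] for t in tokens), key=STRENGTH.index)
        findings[url] = "ok" if sri_hash(served[url], best) in tokens else "hash-mismatch"
    return findings

# Constructed sample: hypothetical hosts, no network access.
LIB = b"console.log('lib v1');\n"
CDN = "https://cdn.example.net"
PAGE = f"""<script src="/app.js"></script>
<script src="{CDN}/lib.js" integrity="{sri_hash(LIB)}" crossorigin="anonymous"></script>
<script src="{CDN}/tampered.js" integrity="{sri_hash(LIB)}" crossorigin="anonymous"></script>
<script src="//widgets.example.org/chat.js"></script>"""
SERVED = {f"{CDN}/lib.js": LIB, f"{CDN}/tampered.js": LIB + b"// injected\n"}
```

Calling `audit(PAGE, "https://www.example.com/", SERVED)` reports the pinned CDN script as `ok`, the altered one as `hash-mismatch`, and the unpinned widget as `missing-integrity`.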
Gate your CI/CD on supply chain quality
Use the Kuality CI API to block deployments when your supply chain score drops below a threshold or a new high-severity CVE appears.
curl -sf -X POST https://kuality.io/api/v1/gates/evaluate \
-H "Authorization: Bearer $KUALITY_TOKEN" \
-H "Content-Type: application/json" \
-d '{"target":"https://example.com","scan_types":["supplychain"],"max_high":0}'
Free plan. No credit card. No install.