
ReversingLabs
Software supply chain security solutions
Threat intelligence software
Malware analysis tools
Software composition analysis tools
Static application security testing (SAST) software
System security software
DevSecOps software
Small
Medium
Large
- Energy and utilities
- Public sector and nonprofit organizations
- Banking and insurance
What is ReversingLabs
ReversingLabs is a software supply chain security and threat intelligence platform focused on identifying malicious code and risky components across software artifacts. It analyzes files such as executables, libraries, containers, and packages to support use cases like third-party risk assessment, malware detection, and CI/CD pipeline gating. The product emphasizes deep file inspection and malware classification using a large repository of analyzed samples and extracted metadata. It is typically used by security operations, threat intelligence teams, and application security/DevSecOps groups that need artifact-level visibility beyond dependency manifests.
Deep artifact and binary analysis
The platform inspects software artifacts at the file level, including binaries and compiled components that are not well covered by manifest-only approaches. It extracts rich metadata (e.g., file structure, embedded resources, relationships) to support higher-fidelity detection and investigation. This is useful for identifying suspicious behavior in packaged software, installers, and opaque third-party deliverables. It also supports workflows where organizations must validate vendor software before deployment.
Threat intelligence and classification
ReversingLabs maintains threat intelligence derived from large-scale file analysis and malware research, which can improve detection and triage. It provides classification and reputation-style context that helps analysts prioritize alerts and understand likely intent. This supports SOC and threat hunting workflows where teams need more than a CVE list to assess risk. The intelligence focus differentiates it from tools centered primarily on developer remediation.
Integrations for security operations
The product is commonly deployed as part of security operations and supply chain risk programs, where it can feed detections into existing security tooling. It supports use cases such as pre-production artifact screening and ongoing monitoring of software repositories. This helps organizations standardize checks across multiple artifact types and sources. It is particularly relevant for enterprises that ingest large volumes of third-party software.
Less developer-first remediation
Compared with developer-centric application security platforms, ReversingLabs is more oriented toward artifact inspection and security operations workflows. It may provide less guidance for code-level fixes, pull-request annotations, and developer experience features that teams expect in day-to-day engineering. Organizations may still need complementary tools for developer remediation and policy enforcement in source control. This can increase the number of tools required for end-to-end DevSecOps coverage.
SAST and SCA scope varies
While it is used in software supply chain security, it is not primarily positioned as a full SAST suite or a traditional SCA tool focused on open-source dependency graphs and remediation. Teams looking for broad language coverage, IDE integrations, and detailed fix PR automation may find gaps depending on their requirements. Coverage can be strongest when scanning built artifacts rather than source code. Buyers should validate how it maps to their specific SAST/SCA definitions and workflows.
Operational complexity and tuning
Deep file analysis and intelligence-driven detections can require tuning to align with an organization’s risk tolerance and reduce noise. Deployment may involve integrating multiple artifact sources (registries, repositories, build outputs) and defining gating policies. This can add operational overhead compared with simpler scanners. Larger environments may need dedicated ownership to manage rules, exceptions, and investigation processes.
Plan & Pricing
Pricing model: Not publicly listed on the ReversingLabs website. Available via AWS Marketplace / Azure Marketplace (pay-as-you-go) or by contacting ReversingLabs sales/partners for enterprise licensing.
Free tier/trial: 14-day free trial available for Spectra Assure and Spectra Analyze (no credit card required).
Example costs: Not published on vendor site.
Discount/options: Not published on vendor site; customers are directed to contact sales or partners for quotes and volume/term discounts.
Seller details
ReversingLabs, Inc.
Cambridge, Massachusetts, USA
2009
Private
https://www.reversinglabs.com/
https://x.com/reversinglabs
https://www.linkedin.com/company/reversinglabs/