ReliQuery.io - Your Python Package Firewall

Block Source Package Downloads

80% of supply chain attacks occur through source packages, but how do you consistently control access to them?

With ReliQuery, we give you the option to toggle the ability to download source packages. Gone are the days of accidental security breaches caused by mistyping the name of a routine or required package.

If you need a source package while still blocking general access to source downloads, you can download the package yourself outside of your ReliQuery and upload it, so that the package is then pulled locally rather than from your upstream.

Customizable Download Permissions

Do you want to automatically monitor what packages your development team does and doesn't have access to?

With ReliQuery, you can set granular download permissions for each user or group within your repository, controlling access levels for enhanced security.

Using explicit allows or denies, you can whitelist or blacklist any package from your upstream on a per-user and/or per-ReliQuery basis. By chaining repositories, you can attain a high level of customization and specificity over your users' download permissions.

Maximum Vulnerability Score

Some packages come with minor vulnerabilities, and some come with major ones, but how do you choose just how vulnerable you're willing to let your packages be?

With ReliQuery, you can define a maximum CVSS score to automatically block any package with a higher vulnerability score, ensuring your dependencies are safe.

By default, we block packages labeled "CRITICAL" or with a 9.0 CVSS score, but should you wish, you can edit or even delete this blocker (although we don't recommend deleting it).

Automatic Malicious Package Blocking

PyPI is riddled with malicious packages and malware lurking in dark corners, but how do you avoid them?

Simple answer: you don't have to! Our system automatically detects and blocks known malicious Python packages, providing continuous protection without intervention.

We protect you under the covers with every new installation. If a package matches one in our database of malicious packages, we'll prevent download automatically. There's no toggling and no hassle. We'll keep you safe without you even knowing.