Perplexity has introduced Bumblebee, an open-source, read-only scanner designed to enhance developer security by identifying risky packages and configurations on laptops. Unlike Chainguard, Bumblebee focuses on the developer's local environment, providing a proactive approach to software supply chain security without requiring AI or subscriptions.

• 01Bumblebee is an open-source tool that scans for risky packages, extensions, and AI configurations on developer machines running MacOS and Linux.
• 02The scanner targets four specific surfaces: language package managers, AI agent configurations, editor extensions, and browser extensions.
• 03Bumblebee operates in a read-only mode, ensuring that it does not execute potentially harmful scripts during scans.
• 04The tool integrates into existing workflows, allowing users to utilize their own threat intelligence catalogs.
• 05Bumblebee differs from Chainguard by focusing on local developer environments rather than securing containers and build outputs.

Bumblebee enhances the security posture of developers by identifying vulnerabilities on their machines, thereby reducing the risk of supply chain attacks.