It sits between your artifact repository and the public registries (npm, PyPI, Maven Central) and makes a security decision on each package — with a very minimum overhead your CI/CD pipelines and ...