Glossary
NetRise Provenance
What Is NetRise Provenance?
NetRise Provenance is a software trust and impact product that maps how far risk propagates when a package or repository is compromised, enforces software trust policies across builds and procurement, evaluates the health of the open-source repos and projects you depend on, and reveals who actually maintains them — so security teams can move from awareness to action when software supply chain incidents hit.
NetRise Turbine tells you what is in your software. Provenance tells you whether to trust it and how far the risk reaches. Assuming a software asset inventory is already in place — like the binary-verified asset inventory that NetRise Turbine produces — Provenance answers the question every security team faces in the first hours of a supply chain incident: are we exposed?
When a malicious version is published, a maintainer token is stolen, or a trusted dependency suddenly becomes risky, Provenance scopes the downstream risk — the blast radius — by tracing how far the compromised package has propagated through direct and transitive dependencies, so teams can identify which products, builds, and vendors inherited the exposure and decide what action to take next.
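The blast-radius scoping described above, as an added illustration that is not NetRise's code: a reverse walk over a constructed dependency graph (products and packages pinned as `name@version`) that returns every consumer of a compromised package version together with the dependency path it inherited the exposure through.

```python
from collections import deque

# Constructed example graph, not NetRise data: each node lists the
# packages it depends on directly, pinned as "name@version".
DEPENDENCY_GRAPH = {
    "product:firmware-gateway": ["libhttp@2.1.0", "yaml-parse@1.4.2"],
    "product:cloud-agent": ["cli-colors@3.0.0"],
    "product:dashboard": ["cli-colors@2.9.0"],   # older pin, not the bad version
    "libhttp@2.1.0": ["cli-colors@3.0.0", "zlib-wrap@1.0.0"],
    "yaml-parse@1.4.2": [],
    "cli-colors@3.0.0": [],
    "cli-colors@2.9.0": [],
    "zlib-wrap@1.0.0": [],
}


def reverse_edges(graph):
    """Invert the graph so we can walk from a package to everything that consumes it."""
    rdeps = {node: [] for node in graph}
    for node, deps in graph.items():
        for dep in deps:
            rdeps.setdefault(dep, []).append(node)
    return rdeps


def blast_radius(graph, compromised):
    """Map every node that transitively depends on `compromised` to the
    dependency path (compromised -> ... -> node) through which it inherits
    the exposure. Breadth-first, so each path is a shortest one."""
    rdeps = reverse_edges(graph)
    paths = {}
    queue = deque([(compromised, [compromised])])
    while queue:
        node, path = queue.popleft()
        for consumer in rdeps.get(node, []):
            if consumer not in paths:
                paths[consumer] = path + [consumer]
                queue.append((consumer, paths[consumer]))
    return paths


def affected_products(graph, compromised):
    """Just the shipped products inside the blast radius, for triage."""
    return sorted(n for n in blast_radius(graph, compromised) if n.startswith("product:"))
```

Because matching is on the exact pinned version, `product:dashboard` stays outside the blast radius of `cli-colors@3.0.0` while `product:firmware-gateway` is pulled in transitively via `libhttp@2.1.0`.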
Provenance's core capabilities, in the order they typically matter in an incident, are blast radius analysis, the Package Firewall Manager, repository health signals, and contributor and organization attribution. The capabilities form a three-part sequence: Blast Radius → Policy Action → Evidence — where Evidence is the umbrella for the trust signals (repo health, contributor attribution, geographic footprint, lineage) that back the policy decision.
NetRise Provenance is sold as a standalone product under its own SKU, with its own user interface and pricing — not a feature, layer, module, or upsell of NetRise Turbine. The two are complementary but distinct products; customers can deploy either independently, and each addresses a different operational question.
Related Terms
Blast Radius · Package Firewall Manager · Repository Health · Contributor & Organization Attribution · NetRise Turbine · Software Trust