Bumblebee for macOS — a native GUI for Perplexity’s supply-chain scanner
Earlier this month, Perplexity AI released bumblebee, an open-source command-line tool that scans your project dependencies and system packages against a threat intelligence catalogue, flagging malicious or suspicious packages before they end up in production.
The tool is genuinely useful given the recent upswing in supply-chain attacks. The problem is that the raw output is a stream of JSON, which is not something most developers want to sift through manually. So I built a native macOS wrapper for it.
What it does
Bumblebee for macOS gives you a point-and-click interface over the same engine. Pick a folder, choose a scan profile, click Scan. Results come back with colour-coded severity badges, grouped by ecosystem, so you can see at a glance whether anything needs attention.
There are three scan profiles:
- Project — scans dependency manifests in the selected folder: package.json, requirements.txt, go.mod, Gemfile, and so on. The right choice for auditing a specific codebase.
- Baseline — scans system-wide package managers (pip, npm, Homebrew, gem, and others). Useful for auditing a developer workstation or build server.
- Deep — recursively walks every file in the selected folder. The most thorough option, and the slowest.
A few other things worth noting:
- Cancel at any time. If you kick off a deep scan on a large monorepo and change your mind, you can cancel mid-run. Partial results are preserved and clearly marked as incomplete, so you are not left wondering whether a clean result actually means clean.
- Per-ecosystem filtering. For large package sets, ecosystems with over 100 packages show a live search field so you can drill down quickly.
- Threat intel updates. The app checks for updated threat intelligence on every launch and can apply it in-app, without a rebuild or reinstall.
- Export to Markdown. Once a scan completes, you can save the full results as a Markdown report with ⌘S, ready to paste into a ticket or attach to a PR review.
- Universal binary. Runs natively on Apple Silicon and Intel.
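To make the ecosystem grouping, severity ordering and the "incomplete" marking concrete, here is an added example, written for this post and not code from BumblebeeGUI or from Perplexity's bumblebee, that turns scanner output into the kind of Markdown report the app exports. The JSON layout, the severity levels and the sample findings are all assumed for illustration; bumblebee's real output schema may differ, and the package names are made up.

```python
"""Added example: bumblebee-style JSON findings -> grouped Markdown report.

Illustrative code written for this post, not part of BumblebeeGUI or the
bumblebee CLI. The JSON layout below is an assumed schema, not bumblebee's
real output format, and every package name in the sample is constructed.
"""
import json
from collections import defaultdict

# Severity order used for sorting and badge text (assumed levels).
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
BADGE = {"critical": "[CRIT]", "high": "[HIGH]", "medium": "[MED]", "low": "[LOW]"}

# Constructed sample: a deep scan that was cancelled mid-run, under the
# assumed schema. Not real bumblebee output; package names are fictional.
SAMPLE_SCAN = json.dumps({
    "profile": "deep",
    "complete": False,
    "findings": [
        {"ecosystem": "npm", "package": "left-pad-evil", "version": "1.0.3",
         "severity": "critical", "reason": "matches known-malicious package"},
        {"ecosystem": "npm", "package": "lodahs", "version": "4.17.0",
         "severity": "high", "reason": "typosquat of a popular package"},
        {"ecosystem": "pypi", "package": "requets", "version": "2.0.0",
         "severity": "high", "reason": "typosquat of a popular package"},
        {"ecosystem": "npm", "package": "tiny-utils-x", "version": "0.3.9",
         "severity": "low", "reason": "maintainer account recently transferred"},
    ],
})


def parse_scan(raw: str) -> dict:
    """Parse the JSON document and normalise the fields the report needs."""
    data = json.loads(raw)
    findings = []
    for f in data.get("findings", []):
        sev = str(f.get("severity", "low")).lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} for {f.get('package')}")
        findings.append({**f, "severity": sev})
    return {"profile": data.get("profile", "unknown"),
            "complete": bool(data.get("complete", False)),
            "findings": findings}


def group_by_ecosystem(findings: list[dict]) -> dict[str, list[dict]]:
    """Group findings by ecosystem, worst severity first within each group."""
    groups: dict[str, list[dict]] = defaultdict(list)
    for f in findings:
        groups[f["ecosystem"]].append(f)
    for eco in groups:
        groups[eco].sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["package"]))
    return dict(sorted(groups.items()))


def verdict(scan: dict) -> str:
    """A scan with no findings is only 'clean' if it ran to completion."""
    if not scan["complete"]:
        return "INCOMPLETE"
    return "clean" if not scan["findings"] else "findings present"


def render_markdown(scan: dict) -> str:
    """Render the grouped findings as a Markdown report, flagging partial runs."""
    lines = [f"# bumblebee scan report ({scan['profile']} profile)", ""]
    lines.append(f"**Status:** {verdict(scan)}")
    if not scan["complete"]:
        lines.append("> Scan was cancelled before it finished; results are partial "
                     "and a lack of findings must not be read as a clean result.")
    lines.append("")
    for eco, items in group_by_ecosystem(scan["findings"]).items():
        lines.append(f"## {eco} ({len(items)})")
        lines.append("")
        lines.append("| Severity | Package | Version | Reason |")
        lines.append("|---|---|---|---|")
        for f in items:
            lines.append(f"| {BADGE[f['severity']]} {f['severity']} | "
                         f"{f['package']} | {f['version']} | {f['reason']} |")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_markdown(parse_scan(SAMPLE_SCAN)))
```

The point of `verdict` is the same one the cancel behaviour above makes: an empty findings list from a run that stopped early is not evidence of anything, so the report header says so instead of defaulting to "clean".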
Why I built it
I use bumblebee as part of security reviews for clients. The CLI is perfectly capable, but having a proper macOS app makes it easier to include as a routine step in a workflow without needing to context-switch to a terminal and parse JSON. It also means I can hand it to a client and have them run it themselves.
Getting it
Download the signed and notarised DMG: BumblebeeGUI-2.3.dmg
The source is on GitHub at kai-h/bumblebee-gui. If you want to build from source, clone the repo, run setup.sh to pull down the bumblebee binaries, and open the Xcode project. macOS 14 Sonoma or later is required.
The app is an independent project and is not affiliated with Perplexity AI. The underlying bumblebee engine is licensed under the Apache 2.0 licence.
If you find it useful, or run into anything that does not work as expected, feel free to open an issue on GitHub or reach out directly at [email protected].