Monday, May 2, 2022

Here's a New Tool That Scans Open-Source Repositories for Malicious Packages

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the
http://dlvr.it/SPd5Jw

