Exploring the idea of building a complementary system that can verify and correlate static analysis findings. Thats where dynamic analysis comes in ie. the ability to "run" an open source package in an observed environment and determine its safety status based on real behavior at runtime
A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.
A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.
Introducing DefectDojo Integration allowing vet users to export scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management while using vet for identifying vulnerable and malicious open source packages.
Analysis of malicious open source packages from Datadog's malicious packages dataset. Each of these packages were found in the wild and confirmed to be malicious. The goal of this analysis is to understand the nature of malicious OSS packages and how they are distributed in the wild.
Introducing GitLab CI/CD Component, available in GiLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.
