Malicious Open Source Library Analysis: llm-oracle and its Payload
Malware hidden in open source library packages are real. In this article, we analyse the malicious npm package llm-oracle.
SafeDep Blog
Follow for the latest updates and insights on open source security & engineering.
How a Security Team use Policy as Code for Open Source Security
This is a talk given at Accel Cyber Security Summit 2024 about securing the open source software supply chain using SafeDep vet. This talk highlights a case study of using policy as code for setting up guardrails
SQL Query Interface over SBOM using SafeDep Cloud
This is a '#buildinpublic' update for SafeDep Cloud Development. UI often becomes a bottleneck for developer tools causing friction. We want to overcome it by providing an SQL query interface of SBOM and security metadata.
Why Open Source Risks are Larger than SCA Tools
Open Source Software is critical. However it often comes with inherited risks that are larger than what can be tackled by conventional Software Composition Analysis (SCA) tools.
Sneak Peak into SafeDep Cloud Development and SQL Queries
Software Bill of Material (SBOM) provides an inventory of all software components. However, they are useful only when a flexible query interface is built on top.
Safe and Secure Consumption of Open Source Libraries
Open Source software is the foundation of modern software projects. Any software written today consists of 70-90% of open source code in form of libraries and other components.