
Eliminating SCA Noise using Dependency Usage Evidence
SafeDep Code Analysis framework augments vet, our free and open source tool with code context.
Software Composition Analysis has been there for a while. But the problems associated with open source vulnerabilities persist. Next-gen SCA is the promised solution. What is it and how does it work?
Multiple npm packages impersonating popular package names were published to the npm registry, including some by a Snyk researcher apparently targeting internal packages at Cursor AI.
Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.
Malware hidden in open source library packages is real. In this article, we analyse the malicious npm package llm-oracle.
This is a talk given at Accel Cyber Security Summit 2024 about securing the open source software supply chain using SafeDep vet. This talk highlights a case study of using policy as code for setting up guardrails