Sneak Peak into SafeDep Cloud Development and SQL Queries
Table of Contents
Software Bill of Material (SBOM) provides an inventory of all software components. However, they are useful only when a flexible query interface is built on top. In this post, we provide a #build-in-public preview of what we are building at SafeDep. We believe a flexible query interface on top of BOM solves important use-cases for OSS risk management and software supply chain security.
Register for SafeDep Cloud
Leverage the power of SafeDep cloud to build an organization wide SBOM, export as CycloneDX and execute flexible queries to discover actionable risks.
- vet
- sbom
- safedep-cloud
Author
SafeDep Team
safedep.io
Share
The Latest from SafeDep blogs
Follow for the latest updates and insights on open source security & engineering
Malicious npm Package react-refresh-update Drops Cross-Platform Trojan on Developer Machines
A malicious npm package impersonating react-refresh, Meta's library with 42 million weekly downloads, was detected by SafeDep. The package injects a two-layer obfuscated dropper into runtime.js that...
Threat Modeling the AI-Native SDLC: Supply Chain Security in the Age of Coding Agents
AI agents are rewriting the software development lifecycle. From vibe coding to autonomous CI/CD, every phase now involves an LLM making decisions about your code and dependencies. Here is a threat...
How to Write Time-Based Security Policies in SafeDep vet
Protect against unknown malicious open source packages by enforcing a supply chain cooling-off period using the now() CEL function in SafeDep vet.
Malicious npm Package pino-sdk-v2 Exfiltrates Secrets to Discord
A malicious npm package impersonating the popular pino logger was detected by SafeDep. The package hides obfuscated code inside a legitimate library file to steal environment secrets and send them to...
Ship Code
Not Malware
Install the SafeDep GitHub App to keep malicious packages out of your repos.
Install GitHub App