· SafeDep Team
Malicious npm Package Impersonating Popular Express Cookie Parser
A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.
Tag: vet
· SafeDep TeamMalicious npm Package Impersonating Java SLF4J
A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.
· SafeDep TeamMalicious Open Source Library Analysis: llm-oracle and its Payload
Malware hidden in open source library packages are real. In this article, we analyse the malicious npm package llm-oracle.
· SafeDep TeamHow a Security Team use Policy as Code for Open Source Security
This is a talk given at Accel Cyber Security Summit 2024 about securing the open source software supply chain using SafeDep vet. This talk highlights a case study of using policy as code for setting up guardrails
· SafeDep TeamSQL Query Interface over SBOM using SafeDep Cloud
This is a '#buildinpublic' update for SafeDep Cloud Development. UI often becomes a bottleneck for developer tools causing friction. We want to overcome it by providing an SQL query interface of SBOM and security metadata.
· SafeDep TeamSneak Peak into SafeDep Cloud Development and SQL Queries
Software Bill of Material (SBOM) provides an inventory of all software components. However, they are useful only when a flexible query interface is built on top.
