grype-contribs VS packj

Compare grype-contribs vs packj and see what are their differences.

grype-contribs

A set of resources around Anchore's grype tool (by opt-nc)
grype cve-search DevOps DevOps Tools Devsecops Docker docker-image gotemplate Infosec Productivity Reporting Security vulnerability-scanners Jq JSON
Source Code
dev.to
Suggest alternative
Edit details

packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain (by ossillate-inc)
Malware Npm Pypi Python Security security-audit security-tools Vulnerability Rubygems supply-chain-security malware-analysis Static Analysis vulnerability-scanners dynamic-analysis sandboxing DevOps developer-tools DevOps Tools Devsecops supply-chain
Source Code
packj.dev
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
grype-contribs packj
4 38
0 615
- 3.3%
3.8 7.2
21 days ago 30 days ago
Python
GNU General Public License v3.0 only GNU Affero General Public License v3.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

grype-contribs

Posts with mentions or reviews of grype-contribs. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-10-18.

packj

Posts with mentions or reviews of packj. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-11-14.
  • Rust Without Crates.io
    5 projects | news.ycombinator.com | 14 Nov 2023
    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • A Study of Malicious Code in PyPI Ecosystem
    4 projects | news.ycombinator.com | 8 Sep 2023
    Cool project. How do you feel about projects like OpenSSF scorecards or even the checks that socket.dev do today on these packages to help determine risk?

    https://github.com/ossillate-inc/packj/blob/main/.packj.yaml

    Secondly, what about impersonation where attackers imitate a popular package and its respective metadata?

  • How to use Podman inside of a container
    4 projects | news.ycombinator.com | 26 Apr 2023
    I built Packj [1] sandboxing for securing “pip/NPM install”. It uses strace for sandboxing and blocks access to sensitive files and limits traffic to known-good IP addresses.

    1. https://github.com/ossillate-inc/packj

  • NPM Provenance Public Beta
    5 projects | news.ycombinator.com | 19 Apr 2023
    Great work! This provenance check is going to be very valuable for enforcing supply-chain security. We are working on adding support to check for provenance in Packj.

    1. https://github.com/ossillate-inc/packj flags risky/malicious NPM/PyPI/Ruby dependencies

  • Show HN: TypeScript Security Scanner
    2 projects | news.ycombinator.com | 12 Apr 2023
    Cool project. Would love to integrate this in Packj [1] as one of the open-source SAST scanners. Will DM you.

    1. https://github.com/ossillate-inc/packj flags malicious/risky open-source dependencies.

  • Packj flags malicious/risky open-source packages
    1 project | news.ycombinator.com | 14 Feb 2023
  • Show HN: Coder Guard – Protect Your IDE from Malicious Extensions
    1 project | news.ycombinator.com | 26 Jan 2023
    Very cool! I've built something similar, but for packages: https://github.com/ossillate-inc/packj Would love to talk.
  • Ask HN: What Are You Working on This Year?
    49 projects | news.ycombinator.com | 2 Jan 2023
    Working on a marketplace (based on Packj [1]) to allow open-source developers to make money by selling "assured" software artifacts.

    1. Packj https://github.com/ossillate-inc/packj flags malicious and other "risky" open-source dependencies in your software supply chain.

  • Compromised PyTorch-nightly dependency chain December 30th, 2022
    3 projects | news.ycombinator.com | 31 Dec 2022
    I’ve created Packj sandbox [1] for “safe installation” of PyPI/NPM/Rubygems packages

    1. https://github.com/ossillate-inc/packj

    It DOES NOT require a VM/Container; uses strace. It shows you a preview of file system changes that installation will make and can also block arbitrary network communication during installation (uses an allow-list).

  • Vulnerability scanner written in Go that uses osv.dev data
    7 projects | news.ycombinator.com | 16 Dec 2022
    Great to see a developer-friendly tool around OSV! Packj [1] uses OSV APIs to report vulnerable PyPI/NPM/Rubygems packages. Disclaimer: I built it.

    1. https://github.com/ossillate-inc/packj flags malicious/risky packages.

What are some alternatives?

When comparing grype-contribs and packj you can also consider the following projects:

sbt-dependency-check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:

kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

grype - A vulnerability scanner for container images and filesystems

paperclips - Universal Paperclips mirror

HomeBrew - 🍺 The missing package manager for macOS (or Linux)

meta - Meta discussions and unicorns. Not necessarily in that order.

termgraph - a python command-line tool which draws basic graphs in the terminal

maloss - Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

faraday - Open Source Vulnerability Management Platform

roqr - QR codes that will rock your world

firejail - Linux namespaces and seccomp-bpf sandbox

djinn - Source code for the Djinn CI platform

grype-contribs vs sbt-dependency-check packj vs kubesploit grype-contribs vs grype packj vs paperclips grype-contribs vs HomeBrew packj vs meta grype-contribs vs termgraph packj vs maloss grype-contribs vs faraday packj vs roqr packj vs firejail packj vs djinn