| | maloss | osv-scanner |
|---|---|---|
| | 3 | 10 |
| Stars | 106 | 5,856 |
| Growth | - | 1.5% |
| Activity | 0.0 | 9.6 |
| | over 1 year ago | 3 days ago |
| Language | Java | Go |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
maloss
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
- Vulnerability scanner written in Go that uses osv.dev data
  > We've an open-source project that does this: https://github.com/osssanitizer/maloss I'm working on creating a CLI/web interface for this. Happy to chat (email in profile).
- PyPI: Python packets steal AWS keys from users
osv-scanner
- An Intro to SBOMs
- SBOM and dependencies check tool and vulnerabilities database from Google
- OSV-Scanner: A vulnerability scanner written in Go which uses the data provided by OSV.dev
- Vulnerability scanner written in Go that uses osv.dev data
- Building a high quality C/C++ vulnerability database.
  > You can follow the two linked issues here: https://github.com/google/osv-scanner/issues/82 for updates!
- OSV-Scanner
- google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev
- Google Launches Largest Distributed Database of Open Source Vulnerabilities
  > Link to the official GitHub repo: https://github.com/google/osv-scanner
What are some alternatives?
packj - Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
pypi_malware - PyPI malware packages
betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
melange - build APKs from source code
osv.dev - Open source vulnerability DB and triage service.
software-supply-chain-compromises - A dataset of software supply chain compromises. Please help us maintain it!
apko - Build OCI images from APK packages directly without Dockerfile