maloss
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages (by osssanitizer)
software-supply-chain-compromises
A dataset of software supply chain compromises. Please help us maintain it! (by IQTLabs)
| | maloss | software-supply-chain-compromises |
|---|---|---|
| Mentions | 3 | 2 |
| Stars | 106 | 106 |
| Growth | - | - |
| Activity | 0.0 | 4.6 |
| Last commit | over 1 year ago | over 1 year ago |
| Language | Java | - |
| License | MIT License | Creative Commons Zero v1.0 Universal |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user-suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
maloss
Posts with mentions or reviews of maloss. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-12-16.
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
- Vulnerability scanner written in Go that uses osv.dev data
  We've an open-source project that does this: https://github.com/osssanitizer/maloss I'm working on creating a CLI/web interface for this. Happy to chat (email in profile).
- PyPI: Python packets steal AWS keys from users
software-supply-chain-compromises
Posts with mentions or reviews of software-supply-chain-compromises. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-06-26.
- PyPI: Python packets steal AWS keys from users
  Sure. Please email me (in profile) for the list. You can also look at the following resources for malware samples:
  1. https://github.com/IQTLabs/software-supply-chain-compromises
- Counting Broken Links: A Quant's View of Software Supply Chain Security
  The third author made available "Software Supply Chain Compromises - A Living Dataset" here: https://github.com/IQTLabs/software-supply-chain-compromises
What are some alternatives?
When comparing maloss and software-supply-chain-compromises you can also consider the following projects:
packj - Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
dockerify - Run any CLI command in a docker container
osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev
pypi_malware - PyPI malware packages
firejail - Linux namespaces and seccomp-bpf sandbox
melange - build APKs from source code
apko - Build OCI images from APK packages directly without Dockerfile
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more