software-supply-chain-compromises
A dataset of software supply chain compromises. Please help us maintain it! (by IQTLabs)
dockerify
Run any CLI command in a docker container (by paskozdilar)
| | software-supply-chain-compromises | dockerify |
|---|---|---|
| Mentions | 2 | 1 |
| Stars | 106 | 0 |
| Growth | - | - |
| Activity | 4.6 | 0.0 |
| Last commit | over 1 year ago | almost 2 years ago |
| Language | Shell | - |
| License | Creative Commons Zero v1.0 Universal | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
software-supply-chain-compromises
Posts with mentions or reviews of software-supply-chain-compromises.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-06-26.
- PyPI: Python packets steal AWS keys from users
  Sure. Please email me (in profile) for the list. You can also look at the following resources for malware samples:
  1. https://github.com/IQTLabs/software-supply-chain-compromises
- Counting Broken Links: A Quant's View of Software Supply Chain Security
  The third author made available "Software Supply Chain Compromises - A Living Dataset" here: https://github.com/IQTLabs/software-supply-chain-compromises
dockerify
Posts with mentions or reviews of dockerify.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-06-26.
- PyPI: Python packets steal AWS keys from users
  I hacked up a bash script for running an arbitrary command in a docker container, mounting only PWD. It traces dynamic libraries through ldd and creates a new image for each unique command. I got it working for ffmpeg:
  https://github.com/paskozdilar/dockerify
  I might try to optimize it a little bit later, perhaps bind-mount dynamic libraries instead of creating a new image for each command.
What are some alternatives?
When comparing software-supply-chain-compromises and dockerify, you can also consider the following projects:
maloss - Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
pypi_malware - PyPI malware packages
firejail - Linux namespaces and seccomp-bpf sandbox
packj - Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain