software-supply-chain-compromises
A dataset of software supply chain compromises. Please help us maintain it! (by IQTLabs)
maloss
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages (by osssanitizer)
| | software-supply-chain-compromises | maloss |
|---|---|---|
| Mentions | 2 | 3 |
| Stars | 106 | 106 |
| Growth | - | - |
| Activity | 4.6 | 0.0 |
| Last commit | over 1 year ago | over 1 year ago |
| Language | Java | |
| License | Creative Commons Zero v1.0 Universal | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
software-supply-chain-compromises
Posts with mentions or reviews of software-supply-chain-compromises. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-06-26.
- PyPI: Python packets steal AWS keys from users
  > Sure. Please email me (in profile) for the list. You can also look at the following resources for malware samples:
  > 1. https://github.com/IQTLabs/software-supply-chain-compromises
- Counting Broken Links: A Quant's View of Software Supply Chain Security
  > The third author made available "Software Supply Chain Compromises - A Living Dataset" here: https://github.com/IQTLabs/software-supply-chain-compromises
maloss
Posts with mentions or reviews of maloss. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-12-16.
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
- Vulnerability scanner written in Go that uses osv.dev data
  > We've an open-source project that does this: https://github.com/osssanitizer/maloss I'm working on creating a CLI/web interface for this. Happy to chat (email in profile).
- PyPI: Python packets steal AWS keys from users
What are some alternatives?
When comparing software-supply-chain-compromises and maloss you can also consider the following projects:
dockerify - Run any CLI command in a docker container
packj - Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
pypi_malware - PyPI malware packages
osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev
firejail - Linux namespaces and seccomp-bpf sandbox
melange - build APKs from source code
apko - Build OCI images from APK packages directly without Dockerfile
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more