How Attackers Can Sneakily Slip Malware Packages Into Poetry.lock Files

This page summarizes the projects mentioned and recommended in the original post on /r/Python

  • pip-audit

    Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

  • https://pypi.org/project/pip-audit/ details usage and the GitHub Action install.

  • cli

    Command line interface for the Phylum API (by phylum-dev)

  • cli - uses a sandbox to block packages during installation and performs pre-install checks (by hitting the API) to determine whether the package performs actions congruent with malware; e.g. phylum pip install requests will use pip wrapped by the sandbox to install requests after verifying that it doesn't have malware-like behavior.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Related posts

  • Show HN: One makefile to rule them all

    3 projects | news.ycombinator.com | 19 Oct 2023
  • pip-audit - a tool for scanning Python environments for packages with known vulnerabilities

    1 project | /r/bag_o_news | 5 Dec 2021
  • Find malicious Python packages with one command

    1 project | news.ycombinator.com | 4 Dec 2021
  • pip-audit: a tool for identifying Python packages with known vulnerabilities

    1 project | /r/pythoncoding | 1 Dec 2021
  • A tool for scanning Python environments for known vulnerabilities

    1 project | /r/CKsTechNews | 1 Dec 2021