
Eliminating SCA Noise using Dependency Usage Evidence
SafeDep Code Analysis framework augments vet, our free and open source tool with code context.

Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.

Malware hidden in open source library packages is real. In this article, we analyse the malicious npm package llm-oracle.

Software Composition Analysis has been around for a while, but the problems associated with open source vulnerabilities persist. Next-gen SCA is the promised solution. What is it, and how does it work?

Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.

