-
packj
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- Building a high quality C/C++ vulnerability database.
You can follow the two linked issues here: https://github.com/google/osv-scanner/issues/82 for updates!
Great to see a developer-friendly tool around OSV! Packj [1] uses OSV APIs to report vulnerable PyPI/NPM/Rubygems packages. Disclaimer: I built it.
1. https://github.com/ossillate-inc/packj flags malicious/risky packages.
Depends exactly what you're trying to create it for. I advocate for doing it during the build process rather than as a step after.
We open sourced a few tools that do it automatically for containers:
https://github.com/chainguard-dev/apko
https://github.com/chainguard-dev/melange
I like trivy[1] a lot. Nice to see more alternatives like this.
1. https://github.com/aquasecurity/trivy
We've an open-source project that does this: https://github.com/osssanitizer/maloss I'm working on creating a CLI/web interface for this. Happy to chat (email in profile).
Related posts
-
Docker image vulnerabilities scanning trivy vs synk.io
-
Free tool for generating SBOM and CVEs against source or binaries
-
Improving your CI/CD Pipeline: Helm Charts Security Scanning with Trivy and GitHub Actions
-
v0.33.0 · Discussion #3077 · aquasecurity/trivy