Introducing Container Image Scanning
Introducing Container Image Scanning, a new feature in vet to identify vulnerabilities and malicious packages in container images.
Blog
Follow for the latest updates and insights on
open source security & engineering.
Catching the Silent Threat: How Dynamic Analysis Revealed a Complex npm Attack Chain
Explore how analyzing runtime behaviors using Dynamic Analysis data helps uncover abnormal activities in open source packages. By examining network connections and unusual binary executions during...
Dynamic Malware Analysis of Open Source Packages at Scale
Exploring the idea of building a complementary system that can verify and correlate static analysis findings. Thats where dynamic analysis comes in ie. the ability to "run" an open source package in...
Software Bill of Materials: Foundation for Trust in Software Supply Chain
Modern software rarely ships as a single, hand-crafted binary. Instead, it is assembled from hundreds, sometimes thousands of third-party components that evolve on their own schedule. Knowing exactly...
Introducing Package Manager Guard (PMG)
Introducing Package Manager Guard (PMG), a new tool to protect developers from malicious packages at the time of installation. Seamless integration with popular package managers like npm, pnpm etc.
Ship Code.
Not Malware.
Start free with open source tools on your machine. Scale to a unified platform for your organization.
