The OpenSSF has announced the creation of a new Malicious Packages repository — “the first open source system for collecting and publishing cross-ecosystem reports of malicious packages.”
According to the announcement, the repository was created in “response to the rising incidence of attacks that include malicious open source packages” and “has the potential to stop malicious dependencies from moving through CI/CD pipelines, refine detection engines, scan for and prevent usage in environments, or accelerate incident response.”
Read more at OpenSSF.