python package index – PossibleThreat Articles

A scanning tool for open-sourced software packages? Yes, please!

May 9, 2022 0 Comments bigquery, caleb brown, Google, npm, open source security foundation, open source security team, open-sourced software, openssfmpypi, oss, package analysis, python package index, rust, security world, slsa, supply chain levels for software artifacts

Credit to Author: Malwarebytes Labs| Date: Mon, 09 May 2022 10:49:02 +0000

OpenSSF recently introduced a dynamic analysis tool for all OSS packages when uploaded to open source repositories.

The post A scanning tool for open-sourced software packages? Yes, please! appeared first on Malwarebytes Labs.

Security Sophos

Machine-raiding Python libraries squashed by community

December 5, 2019 0 Comments malicious payload, malware, python, python package index, python3-dateutil, security threats

Credit to Author: Danny Bradbury| Date: Thu, 05 Dec 2019 16:55:04 +0000

Python developers have once again fallen victim to malicious software libraries lurking in their favourite package manager.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/84sg5-2L6eI” height=”1″ width=”1″ alt=””/>