The Open Source Security Foundation (OpenSSF) has made available a prototype of a package analysis tool that has already identified more than 200 malicious packages uploaded to the PyPI and npm package repositories. Caleb Brown, an OpenSSF maintainer of the project, said the goal is to understand the behavior and capabilities of packages available on open […]
The post OpenSSF Adds Open Source Package Analysis Tool Prototype appeared first on DevOps.com.