Description

This repo contains a few components to aid in the analysis of open source packages, in particular to look for malicious software.

For examples of what this project has detected, checkout the case studies.

This code is designed to work with the Package Feeds project, and originally started there.

The components are:

• A scheduler - creates jobs for the analysis worker from Package Feeds.
• Analysis (one-shot analyze and worker) - collects package behavior data through static and dynamic analysis of each package.
• A loader - pushes the analysis results into BigQuery.

The goal is for all of these components to work together and provide extensible, community-run infrastructure to study behavior of open source packages and to look for malicious software. We also hope that the components can be used independently, to provide package feeds or runtime behavior data for anyone interested.

Licenses

Languages

Tags

Reference

Related projects

• Similar
• Dependencies
• Dependents

News

• Releases
• CVEs
• News