pypi auto scanner

A github action that periodically fetches the latest pypi packages and scans them using a variety of methods:

Datadog's guarddog tool (which uses semgrep rules to run static analysis on source code)
custom yara rules
running file and detection binary executables
Sysdig+tcpdump dynamic analysis during install time

Note that the above techniques work well for NPM as well! A NPM equivalent of this repo will be available soon in the future.

Currently stores the JSON report in github action artifacts, *.txt files with a bunch of potentially malicious package names, and raises issues when suspicious packages are found.

Name		Name	Last commit message	Last commit date
Latest commit History 20,175 Commits
.github/workflows		.github/workflows
reports		reports
sysdig_ioc_extractor		sysdig_ioc_extractor
LICENSE		LICENSE
README.md		README.md
close_issues.py		close_issues.py
detect_sus_file_formats.sh		detect_sus_file_formats.sh
fetch_latest_report.sh		fetch_latest_report.sh
get_packages.py		get_packages.py
high_risk_pkgs.csv		high_risk_pkgs.csv
new.txt		new.txt
new_sus_files.txt		new_sus_files.txt
new_yara_results.txt		new_yara_results.txt
parse-semgrep-json.py		parse-semgrep-json.py
raise_high_risk_pkgs.py		raise_high_risk_pkgs.py
raise_sus_heuristics.py		raise_sus_heuristics.py
requirements.txt		requirements.txt
secrets.jsonl.txt		secrets.jsonl.txt

License

h4sh5/pypi-auto-scanner

Folders and files

Latest commit

History

Repository files navigation

pypi auto scanner

About

Topics

Resources

License

Stars

Watchers

Forks

Languages