Over the last nine months, I've been working on a tool named #malcontent to detect when #malware is inserted into open-source software. While it is far from finished, we released v1.4.0 today, and it's the first release I am genuinely proud of: https://github.com/chainguard-dev/malcontent/releases/tag/v1.4.0

Here's a view of the new UI, shown inspecting the most recent supply-chain attack in the Lottie video player library. Each line prefixed with "+++" is a new, unexpected behavior that it detected.

Many thanks to @timb_machine and @patrickwardle for their excellent malware repositories, which we used to "train" the rules. I'm aiming for ~97% detection of those repositories in the next release.