How Malware Early Warning works
Last updated
How MEW works
This service starts by continuously monitoring public registries to identify suspicious packages immediately upon publication. When a potential threat is detected, it is automatically isolated, preventing it from infiltrating your development environment or the wider software supply chain.
The quarantined package is then reviewed by Xygeni's security engineers to verify the threat. If the threat is confirmed, it is reported to the registry for further validation and public disclosure. This multi-layered verification process ensures that only verified threats are acted upon, minimizing false positives and ensuring accurate threat detection.
The Malware Early Warning service also includes immediate notifications to affected users. These notifications are sent through various channels such as email, messaging platforms, and webhooks, ensuring the customers are promptly informed of any threats. This rapid response capability allows you to mitigate risks immediately and protect your software projects from potential harm.
In addition to notification and quarantine, the Malware Early Warning service provides a detailed process for handling detected threats. This includes confirming the threat with the public registry, safely disposing of the malicious package and publicly disclosing the threat to inform the wider community.
Malware Early Warning provides robust mechanisms to protect the software development lifecycle from integrating malicious code into the application.
In this scenario, the build pipeline continues successfully with the safe component version. However, if a new malicious version of the component is released, Malware Early Warning kicks into action.
A real-time scan of public registries identifies new packages and updates to existing ones. Xygeni analyzes them for suspicious code and immediately notifies the customer of the detected malware evidence and of each subsequent step in the verification process. Furthermore, it marks the component version as malware and puts it in quarantine to protect the SDLC infrastructure and the build and delivery processes.
This technology can also be integrated with private registries to create a blacklist, blocking malicious components from entering your organization.
Continuous monitoring, real-time threat detection, and instant blocking mechanisms work together to safeguard the software supply chain's integrity and security, protecting both the organization's applications and end-user security.
The process begins when a developer introduces a new dependency into the project. The risk appears if there is no version pinning to ensure that an exact dependency version is specified and used in the build process. Xygeni will raise an issue if the version is unpinned (see ), since an unpinned dependency means that any component update will be integrated immediately into the application, which might introduce vulnerabilities or malware.
The security checks (see ) in the CI/CD pipelines detect the component as malicious. They can implement mechanisms to block the build process to ensure only secure dependencies are used. Taking preemptive measures prevents the deployment of compromised dependencies, thus avoiding infections and eliminating the need to fix this later.
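The two checks described above (raising an issue for unpinned dependencies, and blocking the build when a dependency matches a quarantined release) can be illustrated with a small CI gate. The following is an added example written for this page, not Xygeni's own code or tooling: it parses a Python requirements file, warns on every dependency that is not pinned with `==`, and fails the build when a pinned release is on a quarantine list, or when an unpinned package has any quarantined release (because the resolver could then pick the malicious one at build time). The requirements text, the quarantine entries and all function names are constructed for the example; a real deployment would take the quarantine list from the early-warning feed or from the private registry's blocklist.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample input: a requirements.txt as a developer might commit it.
SAMPLE_REQUIREMENTS = """\
# build dependencies
requests==2.31.0
left-pad-utils>=1.0
colorthing==4.2.1
pyyaml
"""

# Constructed quarantine list of (package, version) pairs marked as malware.
# Hypothetical data: in practice this comes from the early-warning feed or
# the organisation's private-registry blocklist.
SAMPLE_QUARANTINE: Set[Tuple[str, str]] = {("colorthing", "4.2.1")}

# name, optional operator, optional version; environment markers and
# comments after ';' or '#' are ignored by this simplified parser
_REQ_LINE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|~=|>=|<=|!=|>|<)?\s*([^\s;#]*)"
)


def normalize(name: str) -> str:
    """PEP 503 name normalisation so 'Py_YAML' and 'py-yaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


@dataclass(frozen=True)
class Requirement:
    name: str
    operator: Optional[str]
    version: Optional[str]

    @property
    def pinned(self) -> bool:
        # Only an exact '==' pin guarantees the build resolves one known release.
        return self.operator == "==" and bool(self.version)


def parse_requirements(text: str) -> List[Requirement]:
    reqs: List[Requirement] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = _REQ_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement line: {raw!r}")
        name, op, version = m.groups()
        reqs.append(Requirement(normalize(name), op, version or None))
    return reqs


def gate(text: str, quarantine: Set[Tuple[str, str]]) -> Tuple[int, List[str]]:
    """Return (exit_code, findings); exit_code 1 blocks the build, 0 lets it proceed.

    - A pinned dependency whose exact release is quarantined blocks the build.
    - An unpinned dependency is always reported as an issue; if any release of
      that package is quarantined it also blocks, because the resolver could
      pick the malicious release at build time.
    """
    quarantined = {(normalize(n), v) for n, v in quarantine}
    quarantined_names = {n for n, _ in quarantined}
    findings: List[str] = []
    block = False
    for r in parse_requirements(text):
        if r.pinned:
            if (r.name, r.version) in quarantined:
                findings.append(f"BLOCK quarantined release {r.name}=={r.version}")
                block = True
        else:
            spec = f"{r.operator or ''}{r.version or ''}"
            findings.append(f"WARN unpinned dependency {r.name}{spec}")
            if r.name in quarantined_names:
                findings.append(f"BLOCK {r.name} is unpinned and has a quarantined release")
                block = True
    return (1 if block else 0), findings


if __name__ == "__main__":
    code, report = gate(SAMPLE_REQUIREMENTS, SAMPLE_QUARANTINE)
    print("\n".join(report))
    raise SystemExit(code)  # non-zero exit fails the CI job
```

Run as a pipeline step, a non-zero exit stops the build before the quarantined component is installed. On the sample input the gate emits two warnings (for `left-pad-utils>=1.0` and `pyyaml`) and one block (for `colorthing==4.2.1`); the same requirements with the quarantined release removed pass with no findings.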