Suspect Deps Scanner Configuration

The Misconfigurations Scanner is configured in the YAML file conf/xygeni.suspectdeps.yml.

Suspect Deps Detectors Configuration

The detectors for this scanner report potential known attacks on software dependencies, such as dependency confusion or typosquatting, for the vulnerable ecosystems.

In addition, public components exhibiting certain traits, such as the presence of certain installation scripts, anomalies in the commit patterns, the component’s project metadata, or the provenance of its maintainers, could also hint at a potentially malicious component. Private components with no scope / namespace are also reported as suspect.

External security advisories and security teams may also report known malware components.
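
The following added example (not Xygeni's code or detector logic) illustrates two of the traits described above on an npm-style manifest: a private component declared without a scope, and a name one edit away from a popular package. The function names, reason labels, and all sample data are assumptions constructed for the example.

```python
import json

# Constructed sample inputs (not from Xygeni): an npm manifest, the names the
# organization publishes privately, and a short list of popular public names.
MANIFEST = json.loads("""{
  "dependencies": {
    "@acme/billing-core": "2.1.0",
    "acme-auth-utils": "1.4.2",
    "expresss": "4.18.2",
    "lodash": "4.17.21"
  }
}""")
PRIVATE_NAMES = {"@acme/billing-core", "acme-auth-utils"}
POPULAR_NAMES = {"express", "lodash", "react", "requests"}


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            best = min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
            prev, row[j] = row[j], best
    return row[-1]


def find_suspect_deps(manifest, private_names, popular_names):
    """Return sorted (name, reason) findings for declared dependencies."""
    findings = []
    for name in manifest.get("dependencies", {}):
        scoped = name.startswith("@") and "/" in name
        if name in private_names:
            # An unscoped private name can collide with a public package of
            # the same name, which is the dependency confusion precondition.
            if not scoped:
                findings.append((name, "private-without-scope"))
            continue
        if name in popular_names:
            continue
        # One edit away from a popular name: flag as a possible typosquat.
        near = sorted(p for p in popular_names if edit_distance(name, p) == 1)
        if near:
            findings.append((name, "possible-typosquat-of:" + near[0]))
    return sorted(findings)


if __name__ == "__main__":
    print(find_suspect_deps(MANIFEST, PRIVATE_NAMES, POPULAR_NAMES))
```

A distance of exactly one is a deliberately narrow threshold; widening it catches more lookalike names at the cost of more false positives on legitimately similar packages.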

Please read the documentation on the available Suspect Deps detectors.