When malicious packages are hiding in your code base, your organization is at risk. Get full protection from malicious packages in your existing code and your new applications. The power of Mend.io 360° Malicious Package Protection is now available for all Mend SCA users.
Malicious open source packages have become one of the fastest-rising risks in application security, with the number of new malicious packages discovered rising 79 percent from Q2 to Q3 2022.
Leveraging typosquatting, dependency confusion, or other techniques, attackers can infiltrate your applications in development, using malicious packages to harvest information, deploy botnets, or hijack your systems to mine cryptocurrencies.
Unlike vulnerabilities, which can sometimes be low-impact or difficult to exploit, malicious packages pose real risks to your organization from the moment they are downloaded. They are, in effect, malware. It’s never acceptable to release software that contains malicious packages.
To avoid financial and reputational damage to your organization and your customers, you need full visibility into your open source software, with highly accurate identification of malicious packages.
The best time to stop malicious packages is before they enter your code base. With Mend SCA, organizations can block malicious packages from being downloaded or added to your artifact registry, ensuring that they can never enter your repositories or releases.
Using Mend.io’s Artifactory plugin for your entire organization, or our Supply Chain Defender plugin for your individual developers’ package managers, you can ensure that malicious code never enters your code base.
Blocking malicious packages from entering new code is the best way to keep your organization safe from these risks. But what about existing applications, built before you had blocking capabilities?
Mend SCA now scans your application code not only for vulnerabilities and licensing issues, but also for malicious RubyGems and npm packages. When malicious open source software is discovered in your existing code, Mend SCA can help you identify every instance of the malicious package and eliminate it rapidly, everywhere it exists.
Mend.io researchers are dedicated to identifying malicious packages with complete accuracy. In 2022, Mend.io’s detection rate for malicious RubyGems packages was 100 percent, with 99.8 percent detection for npm.
With Mend 360° Malicious Package Protection implemented across the software development life cycle, fear of malicious open source packages can be a thing of the past.