Checkmarx One Malicious Package Protection is a software composition analysis tool that identifies malicious open-source packages throughout the software development lifecycle. The product scans manifest files, binaries, and containers to detect packages containing malware or exhibiting suspicious behavior. The tool maintains a database of over 410,000 malicious packages identified through multi-layered package analysis methodologies. It detects all open-source packages in use, including transitive dependencies, and cross-references them against this database. The product provides package reliability metrics that rate the trustworthiness of open-source packages based on package legitimacy, behavioral integrity, and contributor reputation. It operates across pre-production and runtime environments, with the ability to correlate runtime usage data to prioritize remediation efforts. Automated policy enforcement capabilities allow organizations to configure actions when malicious packages are detected, including sending alerts, generating incident reports, preventing pull requests, and breaking builds. The tool integrates into development workflows to identify and block malicious packages before they are installed in development environments or pushed to code repositories. The product is part of the Checkmarx One platform and provides visibility into open-source security risks across the application security lifecycle.