GuardDog is a command-line interface tool designed to identify malicious packages in PyPI and npm repositories. The tool operates by running a set of heuristics on package source code through Semgrep rules and analyzing package metadata to detect potentially harmful components. The tool supports scanning both local and remote packages from PyPI and npm ecosystems. Users can scan the most recent version of a package or specify particular versions for analysis. GuardDog allows selective rule application, enabling users to run specific heuristics or exclude certain rules from the scanning process. Installation options include pip installation for Python environments or Docker container deployment. The Docker image provides cross-platform compatibility, with Windows systems requiring Docker as the only supported installation method. GuardDog can process various package formats including compressed archives and local directories containing packages. The tool provides flexibility in scanning approaches, allowing users to target individual packages or batch process multiple packages stored in local directories.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.