sdc-check
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
sdc-check
A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.
sdc-check Description
sdc-check is a dependency security analysis tool that identifies potential risks in project dependency lists and lock files. The tool performs multiple security checks on project dependencies: - Detects unsafe lock files where malicious actors could replace URLs with packages containing malicious code - Identifies packages that are too new, suggesting waiting before upgrading to allow community testing - Scans for installation scripts that could execute malicious commands during package installation - Detects obfuscated code within packages that may hide potentially malicious functionality - Identifies packages containing OS scripts (.bat/.sh files) that could execute malicious actions - Analyzes package scripts for dangerous shell commands like curl, wget, chmod, and cacls The tool helps developers assess the security posture of their project dependencies by flagging various risk indicators that could indicate supply chain attacks or malicious packages.
sdc-check FAQ
Common questions about sdc-check including features, pricing, alternatives, and user reviews.
sdc-check is A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.. It is a Application Security solution designed to help security teams with Dependency Scanning, Security Scanning, Package Security.
