by tmd83 1199 days ago
I wonder what languages it supports for language libraries, or is it just limited to Linux packages? Say Java, JS, etc.?

Is it marking something active on access, or actually checking execution? On execution doesn't work for at least JS payloads; on the other hand, on access would add to noise, say for an ls.

1 comments

Inside of the SBOMs, we can detect a lot: https://github.com/anchore/syft#supported-ecosystems

You're right that the active/dormant detection needs to be customized per type of runtime. It ends up being a mix of both access and execution, and we'll get more sophisticated with eBPF over time. We cover rpm/deb, Python and Java, with Node and others coming very soon. The compiled languages will be our main focus next. For example, Go binaries embed some dependency metadata in the binary itself.

Also related to this effort is the "in-toto" integrity chain: https://in-toto.io/in-toto/. Since we're already connecting build to run, we aim to complete the chain.
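The "mix of access and execution" answer above is easier to reason about with a concrete join between an SBOM and runtime events. The following is an added example written for this thread, not code from Anchore, syft or the commenter: it takes a constructed SBOM fragment (the `components`/`files` field layout is an assumption for this example, not syft's real output format) and a constructed list of file events, and marks each component active only when its files were executed or read by the interpreter that owns that ecosystem. A plain read by `ls` or `cat` counts as "accessed", which is exactly the noise the question worries about, and a component with no events at all stays "dormant". The interpreter-name table is also an assumption.

```python
"""Tag SBOM components as active / accessed / dormant from runtime file events.

Added example for the thread above; the SBOM layout, event format and
interpreter table are constructed assumptions, not any vendor's format.
"""
import json
import os

# Constructed SBOM fragment. Real tools emit richer records; only name,
# version, ecosystem type and owned file paths matter for this example.
SBOM_JSON = json.dumps({
    "components": [
        {"name": "requests", "version": "2.31.0", "type": "python",
         "files": ["/usr/lib/python3/dist-packages/requests/__init__.py",
                   "/usr/lib/python3/dist-packages/requests/api.py"]},
        {"name": "curl", "version": "8.5.0", "type": "deb",
         "files": ["/usr/bin/curl", "/usr/share/doc/curl/copyright"]},
        {"name": "lodash", "version": "4.17.21", "type": "npm",
         "files": ["/app/node_modules/lodash/lodash.js"]},
        {"name": "libxml2", "version": "2.9.14", "type": "deb",
         "files": ["/usr/lib/x86_64-linux-gnu/libxml2.so.2"]},
    ]
})

# Constructed runtime events as (kind, process name, path).
# "exec" = the kernel executed or mapped the file executable;
# "open" = a read open, which on its own says nothing about execution.
EVENTS = [
    ("open", "python3", "/usr/lib/python3/dist-packages/requests/api.py"),
    ("open", "ls", "/usr/bin/curl"),                       # listing, not use
    ("open", "node", "/app/node_modules/lodash/lodash.js"),  # node loads source
    ("open", "cat", "/usr/share/doc/curl/copyright"),      # doc read, not use
    ("open", "python3", "/etc/hosts"),                     # not in the SBOM
]

# Assumption: which process names count as "execution" of a library file
# for an interpreted ecosystem, since such files are read, not exec'd.
INTERPRETERS = {
    "python": {"python", "python3"},
    "npm": {"node"},
    "java": {"java"},
}

# Ordering so that a stronger observation always wins over a weaker one.
RANK = {"dormant": 0, "accessed": 1, "active": 2}


def load_components(sbom_json):
    """Parse the SBOM and normalise every file path for exact matching."""
    comps = json.loads(sbom_json)["components"]
    for comp in comps:
        comp["files"] = [os.path.normpath(p) for p in comp["files"]]
    return comps


def index_files(components):
    """Map each owned path to its component so events can be joined."""
    return {path: comp for comp in components for path in comp["files"]}


def classify(sbom_json, events):
    """Return {component name: 'active' | 'accessed' | 'dormant'}."""
    components = load_components(sbom_json)
    by_path = index_files(components)
    status = {comp["name"]: "dormant" for comp in components}

    for kind, comm, path in events:
        comp = by_path.get(os.path.normpath(path))
        if comp is None:
            continue  # event touches a file no SBOM component owns
        owners = INTERPRETERS.get(comp["type"], set())
        if kind == "exec" or comm in owners:
            observed = "active"    # ran, or loaded by its own runtime
        else:
            observed = "accessed"  # read by something unrelated (ls, cat, ...)
        if RANK[observed] > RANK[status[comp["name"]]]:
            status[comp["name"]] = observed
    return status


if __name__ == "__main__":
    for name, state in sorted(classify(SBOM_JSON, EVENTS).items()):
        print(f"{name:10s} {state}")
```

With the constructed input, `requests` and `lodash` come out active (read by their own interpreters), `curl` is only accessed (its binary was listed and its docs read, but never executed), and `libxml2` is dormant. An `exec` event for `/usr/bin/curl` would promote it to active regardless of the calling process.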