Y
Hacker News
new
|
ask
|
show
|
jobs
by
janice1999
36 days ago
How did you guys detect it? Do you use it internally or do you monitor popular packages?
1 comments
varunsharma07
36 days ago
We have built an AI Package Analyst
https://app.stepsecurity.io/oss-security-feed
and also monitor them using
https://github.com/step-security/harden-runner
for runtime behavior.
link