Hacker News: JakeMimoni's comments

We made a tool that automates that process - https://trustd.dev

It will analyse open-source packages as you install them and tell you of any vulnerabilities before they are even on your system...

Meaning it will detect problems in the libraries you aren't thinking about.


We just recently launched a free tool that helps Python developers prevent exactly these types of issues.

Feel free to check it out: https://trustd.dev

We work preventatively, so as you download packages, the tool will analyse them and tell you of any issues found.

We’re looking to collaborate with devs to work out what features should be next.


First question is what the hell does this mean:

> As you install open-source packages, trustd will scan them and provide you with instant feedback on any problems.

What kind of scanning? Algorithmic? Based on human review? If we're outsourcing trust to you, I'd want to know a lot more.

And "we use Slack instead of a dashboard" doesn't sound terribly appealing. I'd want a dashboard and a range of notification options (for me email > Slack. Others may differ).


Might not have explained it the best I could have, haha...

It means as you pull packages in from NPM et al., the analysis goes to work, telling you of any known vulnerabilities or any license non-compliance.

With regard to Slack, we are hearing that a lot; it isn't the best mechanism for providing this feedback, and we are working on alternatives now, including email.

Happy to answer any more questions on here, or reach out at jake@418sec.com

