News
Checkmarx Announces Supply Chain Threat Intelligence for Faster, Easier Identification of Potential Threats
January 2023 by Marc Jacob
Checkmarx announced the immediate availability of Supply Chain Threat Intelligence™, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behaviour and more.
Based on proprietary research by Checkmarx Labs, Supply Chain Threat Intelligence offers:
• Identification of malicious packages by attack type such as dependency confusion, typosquatting, chainjacking and more
• Analysis of contributor reputation through identification of anomalous activity within open source packages
• Intelligence on the malicious behavior of packages, including static and dynamic analysis to understand how the code runs
• A data lake that allows the ongoing analysis of packages long after they have been deleted from package managers, with over one million packages scanned per month
Checkmarx’ Supply Chain Threat Intelligence incorporates the industry’s most complete threat intelligence research and employs machine learning, retro hunting, and cross-language hunting to identify even emerging threats.
How Supply Chain Threat Intelligence works
Checkmarx Supply Chain Threat Intelligence is delivered as an application programming interface (API) that is simple to integrate into many dashboards and development environments. Users obtain a unique token from Checkmarx, send in a package name and version and receive threat intelligence on the package.
The API helps developers and security professionals:
• Quickly and easily identify potential threats in open source packages
• Better understand the threat actor’s decision-making process
• Perform bulk queries to efficiently receive intel on large numbers of packages at once
• Stay ahead of cyber threats with real-time updates and alerts on new and emerging risks
• Gain valuable insights and context on detected threats to inform security decisions
