Seeking Recommendations for Malicious Dependency Scanning Tools
### Gergely Orosz @GergelyOrosz
What are vendors that offer scanning of PRs or repos to protect against malicious dependencies?
I know of Sonar (Advanced Security), Socket.dev, JFrog. What else do you know of or use, and what does it do?
(At some point, you want more than just pinning an old package version)
Apr 5, 2026, 10:44 AM
One Sentence Summary
Gergely Orosz crowdsources recommendations for tools that scan PRs or repositories to protect against malicious dependencies.
Summary
The author asks for vendor recommendations for automated security scanning of pull requests and repositories to mitigate supply chain attacks, specifically looking for alternatives beyond simple version pinning. This query aims to identify robust solutions for dependency management.
Language
English
Tags
Security
Supply Chain Security
DevSecOps
Dependency Management