
Alias "pip install" to "guarddog"

Open christophetd opened this issue 3 years ago • 4 comments

Just a random idea I had:

As a: developer
I want to: automatically run pysecurity on every package I install
and that: the installation fails if the package is dangerous
so that: I don't install malicious packages

The idea would be to document a way to have an alias that runs pysecurity, then pip install, and fails if the package is deemed "risky".

Sample usage:

$ securepip install mypackage
Scanning mypackage with pysecurity...
No malicious behavior found, proceeding with pip install

Implementation: the easiest would be to provide a bash function one could add to their .bashrc

christophetd avatar Jul 22 '22 08:07 christophetd
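A worked version of the `.bashrc` function proposed above, added here as an example and not code from the GuardDog project or from the issue author. It assumes `guarddog pypi scan <name>` accepts `--version <ver>` and `--exit-non-zero-on-finding` (flags as documented in GuardDog's README; treat them as an assumption). The `SECUREPIP_SCANNER` and `SECUREPIP_PIP` variables are conveniences introduced here so the function can be exercised with stub commands and no network access; the hypothetical stub scanner in the test refuses a constructed package name `evilpkg`.

```shell
# securepip: run GuardDog on every requested package before handing the command to pip.
# Added example for this issue, not GuardDog's own code. Assumes `guarddog pypi scan <name>`
# accepts `--version <ver>` and `--exit-non-zero-on-finding` (treat both flags as an assumption).
# SECUREPIP_SCANNER and SECUREPIP_PIP override the two commands so the function can be run offline.
securepip() {
    scanner="${SECUREPIP_SCANNER:-guarddog pypi scan}"
    pip_cmd="${SECUREPIP_PIP:-pip}"

    # Only "install" is guarded; every other pip subcommand passes straight through.
    if [ "$1" != "install" ]; then
        $pip_cmd "$@"
        return
    fi
    shift

    skip_next=0
    for arg in "$@"; do
        # Skip the value that follows an option which takes one (e.g. "-r requirements.txt").
        if [ "$skip_next" -eq 1 ]; then
            skip_next=0
            continue
        fi
        case "$arg" in
            -r|--requirement|-c|--constraint|-i|--index-url|-e|--editable|-t|--target)
                skip_next=1
                continue ;;
            -*) continue ;;   # other pip options are passed through unscanned
        esac

        # Reduce "name==1.0", "name>=1,<2" or "name[extra]" to the bare project name.
        name=${arg%%[<>=!~[]*}
        echo "Scanning $name with guarddog..."
        case "$arg" in
            *==*)
                # A pinned version is scanned as exactly that version.
                version=${arg#*==}
                $scanner "$name" --version "$version" --exit-non-zero-on-finding ;;
            *)
                $scanner "$name" --exit-non-zero-on-finding ;;
        esac || {
            echo "Refusing to install $name: guarddog reported findings" >&2
            return 1
        }
    done

    echo "No malicious behavior found, proceeding with pip install"
    $pip_cmd install "$@"
}
```

Packages named only inside a requirements file are not scanned by this function (the file path is skipped, not expanded), so a requirements-driven install still needs the file itself scanned separately; the function refuses the whole install as soon as any one package produces a finding, so nothing is installed partially.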

Another way would be to have a "proxy command" directly in GuardDog that emulates the right behavior, e.g. guarddog poetry xxx and guarddog pip install

christophetd avatar Nov 28 '22 08:11 christophetd

+1 for adding direct support for the discovery and parsing of manifests that aren't just requirements.txt (like Poetry)

andrewkrug avatar Mar 15 '23 14:03 andrewkrug

For reference, Socket security just released a similar thing for npm. I really really like the concept here!

vdeturckheim avatar Mar 17 '23 09:03 vdeturckheim

Closing this issue, since https://github.com/DataDog/supply-chain-firewall/ was introduced to do this. It is not the same, since scfw works on known malicious items rather than live data, but further extending scfw is being considered.

sobregosodd avatar Dec 30 '24 17:12 sobregosodd