Henrik Plate
Collect information about interfaces and interface methods when analyzing Java source and byte code.

#### `TODO`s

- [ ] Test whether the backend properly saves the collected and uploaded information...
#### `TODO`s

- [ ] Tests
- [ ] Documentation
One additional source of statements could be the list of known malicious packages maintained at https://github.com/dasfreak/Backstabbers-Knife-Collection. It contains a file `package_index.csv` with the following columns: Type, Package Name, Affected Version,...
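As an added illustration of how such an index could be consumed (example code written for this page, not part of the Backstabbers-Knife-Collection or of Eclipse Steady): the snippet below parses a CSV in the shape of the three columns named above, normalizes package names per ecosystem, and flags dependencies that match a listed package/version. The sample rows are constructed and are not taken from the real `package_index.csv`, which has further columns that the comment above truncates; the `*` wildcard for "all versions" and the exact-version match are assumptions made for this example, not the file's documented semantics.

```python
import csv
import io
import re

# Constructed sample in the shape of the first three columns named above.
# These rows are made up for illustration and are NOT from the real repository.
SAMPLE_PACKAGE_INDEX = """\
Type,Package Name,Affected Version
npm,evil-left-pad,1.0.2
pypi,reqeusts,*
npm,event-stream,3.3.6
"""


def normalize_name(pkg_type, name):
    """Normalize a package name the way its ecosystem compares names.

    PyPI names are case-insensitive and treat runs of '-', '_' and '.' as
    equivalent (PEP 503); npm names are already lowercase by registry policy.
    Other ecosystems are simply lower-cased here (assumption for this example).
    """
    name = name.strip()
    if pkg_type == "pypi":
        return re.sub(r"[-_.]+", "-", name).lower()
    return name.lower()


def load_index(csv_text):
    """Map (type, normalized package name) -> set of affected versions.

    The version string '*' is treated as 'every version' (assumption).
    """
    index = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        pkg_type = row["Type"].strip().lower()
        key = (pkg_type, normalize_name(pkg_type, row["Package Name"]))
        index.setdefault(key, set()).add(row["Affected Version"].strip())
    return index


def affected(index, pkg_type, name, version):
    """True if (type, name, version) is listed as malicious in the index."""
    pkg_type = pkg_type.lower()
    versions = index.get((pkg_type, normalize_name(pkg_type, name)))
    if not versions:
        return False
    return "*" in versions or version.strip() in versions


def check_dependencies(index, deps):
    """Return the (type, name, version) triples from deps that hit the index."""
    return [d for d in deps if affected(index, *d)]


if __name__ == "__main__":
    idx = load_index(SAMPLE_PACKAGE_INDEX)
    deps = [
        ("npm", "left-pad", "1.3.0"),          # legitimate name, not listed
        ("npm", "evil-left-pad", "1.0.2"),     # listed, exact version
        ("pypi", "Reqeusts", "2.31.0"),        # listed with '*', case differs
    ]
    for hit in check_dependencies(idx, deps):
        print("known malicious package:", hit)
```

Matching on the normalized name is what makes the check useful against typosquats such as `Reqeusts`, where a byte-for-byte comparison of the declared dependency name against the index would miss the entry.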
The change of the JSON view with commit 09292c4aaa232cd962e6cefa2b8c543a399aee0b breaks the mitigation tab in https://github.com/eclipse/steady/blob/6ea5fc17db84bceb78633ead15686d72a5e96e39/frontend-apps/src/main/webapp/view/ArchiveDetail.controller.js#L103, because the library property `constructTypeCounters` is not populated any more. As a result, the whole mitigation...
fyi - Starting from the attack tree in [Fig.2 of the Backstabber's Knife Collection](https://arxiv.org/pdf/2005.09535.pdf), we propose a more comprehensive overview of the attack surface of software supply chains in [Taxonomy...
SBOMs generated with version 2.7.1 contain PackageURLs with classifier `type=jar`, which complicates the comparison with SBOMs generated by other tools. Example:

```
"purl" : "pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar"
```

It would be nice...
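To show what the comparison problem looks like in practice and one way to neutralize it on the consumer side, here is an added example (written for this page; not code from the SBOM generator or from Eclipse Steady). It parses purls with a minimal hand-written parser, drops the Maven `type=jar` qualifier while keeping every other qualifier (for instance `type=pom` or `classifier=sources`, which do change the identity of the artifact), and compares the canonical forms. Treating `type=jar` as droppable noise is this example's assumption, the purl values are constructed, and the parser deliberately ignores percent-encoding on output, which is fine for Maven coordinates but would need attention for ecosystems with scoped names.

```python
from urllib.parse import unquote

# Qualifier values that this example treats as noise per purl type. Assumption
# made here: a Maven purl with type=jar denotes the same artifact as one without.
DROP_QUALIFIERS = {"maven": {"type": {"jar"}}}


def parse_purl(purl):
    """Minimal parser for pkg:type/namespace/name@version?qualifiers#subpath.

    Returns (type, namespace, name, version, qualifiers, subpath); namespace,
    version and subpath are None when absent. Percent-encoded parts are decoded.
    """
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: %r" % purl)
    rest = purl[len("pkg:"):].lstrip("/")
    rest, _, subpath = rest.partition("#")
    rest, _, qual_str = rest.partition("?")
    head, sep, tail = rest.rpartition("@")
    if sep:
        rest, version = head, tail
    else:
        version = ""
    parts = rest.split("/")
    ptype = parts[0].lower()
    name = unquote(parts[-1])
    namespace = "/".join(unquote(p) for p in parts[1:-1]) or None
    qualifiers = {}
    for kv in filter(None, qual_str.split("&")):
        key, _, value = kv.partition("=")
        qualifiers[key.lower()] = unquote(value)
    return ptype, namespace, name, unquote(version) or None, qualifiers, unquote(subpath) or None


def canonical_purl(purl, drop=DROP_QUALIFIERS):
    """Rebuild the purl with noise qualifiers removed and the rest sorted."""
    ptype, namespace, name, version, qualifiers, subpath = parse_purl(purl)
    noisy = drop.get(ptype, {})
    kept = {k: v for k, v in qualifiers.items() if not (k in noisy and v in noisy[k])}
    out = "pkg:" + ptype
    if namespace:
        out += "/" + namespace
    out += "/" + name
    if version:
        out += "@" + version
    if kept:
        out += "?" + "&".join("%s=%s" % (k, v) for k, v in sorted(kept.items()))
    if subpath:
        out += "#" + subpath
    return out


def same_component(purl_a, purl_b):
    """True if two purls identify the same component after canonicalization."""
    return canonical_purl(purl_a) == canonical_purl(purl_b)


if __name__ == "__main__":
    # Constructed values: a made-up version, not the one from the report above.
    from_tool_a = "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.15.2?type=jar"
    from_tool_b = "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.15.2"
    print(canonical_purl(from_tool_a))
    print("same component:", same_component(from_tool_a, from_tool_b))
```

Note that the canonical form is only for comparison; the SBOM itself should be left as emitted, since other consumers may rely on the qualifier being present.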
This check resembles very much what we have attempted a few years back, that is, to compare the (Python) files in a PyPI package with the corresponding files in the...