OSSPREY – Secure Your Software Supply Chain
Deep Supply Chain Insight
Map every dependency and inspect source code at the repo level to verify trust and integrity, before you build or deploy
Malware Detection
Uncover malicious or risky packages using Ossprey’s proprietary AI Code Scanner, built to identify real-world threats in real time
Software Supply Chain Gateway
Prevent malicious code from entering your environment with automated policy enforcement and early warning indicators—tailored for your stack
Latest Blog Posts
Stay updated with the latest trends in cybersecurity and open source security.
Axios Hijacked: Cross-Platform RAT via Maintainer Account Takeover
The official axios npm package was compromised via maintainer account hijack, injecting a malicious dependency that deploys a cross-platform remote access trojan targeting developer environments.
New .WAV of TeamPCP malware
Ossprey detected the compromise of the official Telnyx Python SDK - 13 minutes after publish, and before the functional payload existed - delivering a persistent Windows executable via XOR-encrypted WAV steganography.
Trivy Supply Chain Attack and CanisterWorm: Were You Hit?
A sophisticated supply chain attack compromised Aqua Security’s Trivy scanner, exposing thousands of CI/CD pipelines. This post breaks down both waves of the attack, the CanisterWorm npm escalation, and provides detection steps and remediation guidance.