Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
Currently, the PyPI malware detector, which uses seven heuristics, generates a high number of false positives. To enhance the accuracy of our detection, I suggest extending the check to further confirm malicious behavior within the entire source code and highlight suspicious code blocks.