Malware Identification¶

Supply chain malware targets the software build and distribution process — from typosquatting (malicious packages with similar names) to compromised build systems.

Detection approaches¶

• YARA rules — pattern-matching for known malware signatures.
• ClamAV — open-source antivirus scanning.
• Container image scanning — layer-by-layer analysis of Docker images.
• Behavioral analysis — detecting suspicious install scripts and network calls.

How TrustSource helps¶

• Deep scan — file-level repository analysis.
• Container scanning with ts-scan.