Hello all,
I would like to share Panoptisch, a FOSS (Free and Open Source Software)
tool I've been working on.
We all may have encountered the issue of not having a clear dependency tree
or not being sure of the modules our dependencies and sub-dependencies are using.
Some of us may have also heard of supply chain attacks, where open source projects are hijacked to distribute malicious code masquerading as the
original package. This can happen deep down in the dependency chain.
Panoptisch was born out of the need to accurately verify the modules used
in my project.
It recursively scans a Python module or file to find modules used and
exports a report in JSON which can be parsed for analysis.
For example, should your yaml parser, or its sub-dependencies, import socket/os? Should your markdown renderer or its sub-dependencies import sys/importlib? *Probably not.*
Panoptisch is in early stages, has known limitations and is looking for
help! I would love feedback, contributions, and most important of all,
rigorous testing!
I would also love to help you integrate this tool in your workflow to write more secure software.
Link:
https://github.com/R9295/panoptisch
Short Demo:
https://www.youtube.com/watch?v=bDJWl_odXx0
Thanks and Regards,
aarnav
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)
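To illustrate the kind of check the post describes (recursively finding what a module and its sub-dependencies import, then asking whether a parser should be touching socket/os), here is an added example written for this page; it is not Panoptisch's own code. It scans a constructed in-memory dependency tree (FAKE_TREE, WATCHLIST and the module names are all made up) with Python's `ast` module instead of reading files from disk.

```python
import ast
from typing import Dict, Set

# Constructed stand-in for a dependency tree (module name -> source text); a real
# scan would read these from files located with importlib.util.find_spec.
FAKE_TREE: Dict[str, str] = {
    "yamlish": "import re\nfrom yamlish import loader\n",
    "yamlish.loader": "import json\nfrom . import netutil\n",
    "yamlish.netutil": "import socket\nimport importlib\nmod = importlib.import_module('os')\n",
}
WATCHLIST = {"socket", "os", "sys", "importlib", "subprocess"}  # constructed example list


def direct_imports(source: str, package: str = "") -> Set[str]:
    """Statically collect what one source text imports: `import a.b`, `from a import b`
    (absolute or relative, resolved against `package`) and importlib.import_module('lit')."""
    found: Set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            pkg = package.split(".") if package else []
            parts = pkg[: len(pkg) - (node.level - 1)] if node.level else []
            base = ".".join(parts + ([node.module] if node.module else []))
            if base:
                found.add(base)
            # `from a import b` may name a submodule, so record a.b as a candidate too
            found.update(f"{base}.{a.name}" if base else a.name for a in node.names)
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
              and node.func.attr == "import_module" and node.args
              and isinstance(node.args[0], ast.Constant) and isinstance(node.args[0].value, str)):
            found.add(node.args[0].value)  # dynamic import with a literal module name
    return found


def transitive_imports(root: str, tree: Dict[str, str]) -> Dict[str, Set[str]]:
    """Follow imports recursively through `tree`; returns {module: its direct imports}
    for every module reached. Modules outside `tree` (stdlib etc.) are treated as leaves."""
    report: Dict[str, Set[str]] = {}
    stack = [root]
    while stack:
        mod = stack.pop()
        if mod in report or mod not in tree:
            continue
        # relative imports resolve against the parent package (a package __init__ would
        # need the module's own name here; this toy tree has no __init__ entries)
        report[mod] = direct_imports(tree[mod], mod.rpartition(".")[0])
        stack.extend(report[mod])
    return report


def flag_watchlist(report: Dict[str, Set[str]], watchlist: Set[str]) -> Dict[str, Set[str]]:
    """Keep only modules whose imports touch a watchlisted top-level module, e.g. a YAML
    parser's helper pulling in socket or os deep in the chain."""
    hits = {m: {i.split(".")[0] for i in imps} & watchlist for m, imps in report.items()}
    return {m: h for m, h in hits.items() if h}
```

Running `flag_watchlist(transitive_imports("yamlish", FAKE_TREE), WATCHLIST)` reports only `yamlish.netutil`, two levels below the top-level package, which is exactly the kind of deep-chain import a reviewer would want surfaced.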