Many developers use Python packages in their software and do not even suspect that some of them may be malicious.
For example, more than 200 malicious packages were found in the PyPI repository, which are most often disguised as legitimate and used by attackers to steal data.
At the end of last year, Positive Technologies introduced a new PyAnalysis system — it is designed to detect suspicious and malicious Python packages.
Any user through the API can send the name of the Python package to the system for verification and get an assessment of its danger (clean, suspicious, malicious).
And the system will also explain why a particular package is malicious. At the moment, PT PyAnalysis is working in test mode and the company invites Python developers and secure development specialists to check out the service and share their comments to improve it and make it convenient for everyone.
You can submit an application for early access on the website www.ptsecurity.com