Is Octopus Scanner Malware Lurking Inside of Your Open Source IDE?

Scan binaries (not manifests) to detect and defeat the Octopus Scanner malware.

Scan an Application

Prefer to scan your application online? Click here

 

By providing this information, you agree that Sonatype may contact you about our products and services. You may unsubscribe from our communications at any time. Please visit our Privacy Policy for more information on our commitment to protecting your data privacy.

* Required fields



Detect Octopus Scanner in 3 easy steps.

Icon_1_blurple

Try the Sonatype Vulnerability Scanner.

Submit the form to try the Sonatype Vulnerability Scanner (SVS) locally.

Icon_2_blurple

Select an application to scan.

Scan your own application or choose from one of our sample apps to see the power of NVS.

Icon_3_blurple

See if you're infected with Octopus Scanner Malware.

Receive a complete and comprehensive view of security vulnerabilities, license and quality risks associated with the open source components used in your application.

Octopus Scanner Malware

Scan deployed binaries (not declared manifests) to accurately detect and defeat open source security threats.

The inventors of the novel Octopus Scanner malware are bad actors.  They're also kind of clever.  You see, they designed their attack to be invisible and immune to manifest-based security scanners.

Being clever, however, is not enough to hide from a binary-based security tool like Sonatype Lifecycle.  Powered by patented Advanced Binary Fingerprinting (ABF) technology, Sonatype tools examine binaries as deployed and precisely identify real risk associated with all embedded dependencies.

  • “Scanning binaries as deployed has always been important — but is particularly important now in light of novel software supply chain attacks like Octopus Scanner which are immune to detection by manifest based scanning tools.”

    — Brian Fox, CTO, Sonatype

Understanding your risk is just the beginning.

Automate all of your open source security with the Nexus Platform.

sonatype-firewall-logo-stacked

Vet parts early and automatically stop defective open source components from entering your software supply chain.

Learn More
sonatype-repository-logo-stacked

Manage libraries and store artifacts in a universal repository and share them across development teams.

Learn More
sonatype-lifecycle-logo-stacked

Empower teams with precise component intelligence to enforce policies and continuously remediate risk.

Learn More
sonatype-lifecycle-foundation@2x

Identify open source risk and remediate vulnerabilities with precise component intelligence at CI and Deployment.

Learn More
OSS-Index_stacked

Free service used by developers to identify known, publicly disclosed, open source vulnerabilities.

Learn More

Ready to Try Sonatype?

Secure and automate your software supply chain.

Contact Us Today
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Subscribe for all the latest software security news and events

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Modern Slavery Statement    Event Terms and Conditions   Do Not Sell My Personal Information