HackerTrans
TopNewTrendsCommentsPastAskShowJobs

knackstedt

no profile record

Submissions

[untitled]

1 points·by knackstedt·4 bulan yang lalu·0 comments

Show HN: Shokupan – A framework that auto-generates OpenAPI specs from TS Types

github.com
2 points·by knackstedt·6 bulan yang lalu·0 comments

comments

knackstedt
·3 bulan yang lalu·discuss
For us, this was a very fast 0-60 project meant to help people quickly identify if they were breached by the LiteLLM supply chain attack (with other detection support). That's part of the reason our tool runs recursive checks, so developers can go to their e.g. ~/source directory and quickly see if they were pwned.

We've had almost zero false-positives with the AI detection in our configuration -- granted we haven't had a whole lot of testing given the short timeframe we started in, so take this with a grain of salt

Disclaimer: I work on this code
knackstedt
·3 bulan yang lalu·discuss
It has a 2-part process. First, it does a simple depencency check against Google's OSV, then there's a supply chain check that requires an AI key. This secondary check uses code signature checks to identify files that have "risky" behavior (e.g. eval, lots of encoded code etc) and passes that to an AI to identify whether it's likely malicious code hidden behind the "risky" behavior.

Disclaimer: I work on this project.
knackstedt
·4 bulan yang lalu·discuss
Why did you choose to write this with Golang? Were there any language specific features that drove you to this choice?