HackerTrans
トップ新着トレンドコメント過去質問紹介求人

knackstedt

no profile record

投稿

[untitled]

1 ポイント·投稿者 knackstedt·4 か月前·0 コメント

Show HN: Shokupan – A framework that auto-generates OpenAPI specs from TS Types

github.com
2 ポイント·投稿者 knackstedt·6 か月前·0 コメント

コメント

knackstedt
·4 か月前·議論
For us, this was a very fast 0-60 project meant to help people quickly identify if they were breached by the LiteLLM supply chain attack (with other detection support). That's part of the reason our tool runs recursive checks, so developers can go to their e.g. ~/source directory and quickly see if they were pwned.

We've had almost zero false-positives with the AI detection in our configuration -- granted we haven't had a whole lot of testing given the short timeframe we started in, so take this with a grain of salt

Disclaimer: I work on this code
knackstedt
·4 か月前·議論
It has a 2-part process. First, it does a simple depencency check against Google's OSV, then there's a supply chain check that requires an AI key. This secondary check uses code signature checks to identify files that have "risky" behavior (e.g. eval, lots of encoded code etc) and passes that to an AI to identify whether it's likely malicious code hidden behind the "risky" behavior.

Disclaimer: I work on this project.
knackstedt
·4 か月前·議論
Why did you choose to write this with Golang? Were there any language specific features that drove you to this choice?