What is this?
Kahu is a Software Supply Chain Security Service that reduces the time and effort required to vet dependency installation and updates.
Under the hood is a specially crafted deep source inspector that goes through all installed dependencies, to identify code that requires attention.
Features:
- Check for Common Vulnerabilities and Exposures;
- Risky API usage (eval, sleep, usleep etc);
- Bidirectional Control Characters;
- Invisible characters;
- Zero-width characters;
- API usage (File system access, network access etc);
- Extension usage;
- Environment access;
- Super Globals access;
- Process control;
- Hard-coded URLs, IP Addresses and credentials;
- Outdated packages
- More planned..
Kahu also provides a Software Bill of Materials (SBOM) on steroids, enhanced with its detection results and risk evaluation.