
Is Octopus Scanner Malware Lurking Inside of Your Open Source IDE?

Scan binaries (not manifests) to detect and defeat the Octopus Scanner malware.

Scan an Application

Examining your own application does not expose your source and binary code in any way.


Detect Octopus Scanner in 3 easy steps.

1. Try the Nexus Vulnerability Scanner. Submit the form to try the Nexus Vulnerability Scanner (NVS) locally.

2. Select an application to scan. Scan your own application or choose from one of our sample apps to see the power of NVS.

3. See if you're infected with Octopus Scanner Malware. Receive a complete and comprehensive view of the security vulnerabilities, license risks and quality risks associated with the open source components used in your application.

Octopus Scanner Malware

Scan deployed binaries (not declared manifests) to accurately detect and defeat open source security threats.

The inventors of the novel Octopus Scanner malware are bad actors, and fairly clever ones: they designed their attack to be invisible to, and therefore immune from, manifest-based security scanners, because the malicious code lives in the built binaries rather than in any declared dependency.

Being clever, however, is not enough to hide from a binary-based security tool like Nexus Lifecycle. Powered by patented Advanced Binary Fingerprinting (ABF) technology, Nexus tools examine binaries as deployed and precisely identify the real risk associated with every embedded dependency.
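To make the manifest-versus-binary distinction concrete, here is an added illustration (not Sonatype code, and not a model of how ABF works internally): a declared dependency list passes a blocklist check, while a fingerprint check of the actual build artifact flags a class file that no declared dependency accounts for. All coordinates, fingerprints and artifact contents are constructed in memory.

```python
"""Manifest-based vs binary-based dependency checking (constructed example)."""
import hashlib
import io
import zipfile

# Constructed "known good" inventory: the file each declared dependency is
# expected to contribute to the build output, keyed by Maven-style coordinate.
DECLARED = {
    "org.example:util:1.0": {"org/example/util/Strings.class": b"util-strings-v1"},
}
KNOWN_BAD_COORDINATES = {"org.example:evil:9.9"}  # constructed blocklist

def fingerprint(data: bytes) -> str:
    """Content hash used to recognise a shipped file regardless of its name."""
    return hashlib.sha256(data).hexdigest()

def build_artifact(extra: dict) -> bytes:
    """Construct an in-memory jar holding the declared classes plus `extra`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for files in DECLARED.values():
            for name, data in files.items():
                jar.writestr(name, data)
        for name, data in extra.items():   # what a build-time injector would add
            jar.writestr(name, data)
    return buf.getvalue()

def manifest_scan(declared: dict) -> list:
    """Manifest-based check: can only reason about declared coordinates."""
    return [c for c in declared if c in KNOWN_BAD_COORDINATES]

def binary_scan(artifact: bytes, declared: dict) -> list:
    """Binary-based check: every shipped file must match a declared fingerprint."""
    expected = {fingerprint(d) for files in declared.values() for d in files.values()}
    with zipfile.ZipFile(io.BytesIO(artifact)) as jar:
        return [i.filename for i in jar.infolist()
                if not i.is_dir() and fingerprint(jar.read(i)) not in expected]

if __name__ == "__main__":
    injected = {"org/example/util/Strings$1.class": b"injected-by-build-tool"}
    art = build_artifact(injected)
    print("manifest scan:", manifest_scan(DECLARED))  # []
    print("binary scan:", binary_scan(art, DECLARED))  # ['org/example/util/Strings$1.class']
```

The manifest check reports nothing because the declared coordinates are clean; only the content check over the deployed artifact surfaces the undeclared class.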

  • “Scanning binaries as deployed has always been important — but is particularly important now in light of novel software supply chain attacks like Octopus Scanner which are immune to detection by manifest based scanning tools.”

    - Brian Fox, CTO, Sonatype

Understanding your risk is just the beginning.

Automate all of your open source security with the Nexus Platform.

  • Vet parts early and automatically stop defective components from entering your DevOps pipeline.

  • Manage libraries and store artifacts in a universal repository and share them across development teams.

  • Empower teams with precise component intelligence to enforce policies and continuously remediate risk.

  • Identify open source risk and remediate vulnerabilities with precise component intelligence at CI and deployment.

  • Free service used by developers to identify known, publicly disclosed open source vulnerabilities.
