Is Octopus Scanner Malware Lurking Inside of Your Open Source IDE?

Scan binaries (not manifests) to detect and defeat the Octopus Scanner malware.


Detect Octopus Scanner in 3 easy steps.

1. Try the Sonatype Vulnerability Scanner.
   Submit the form to try the Sonatype Vulnerability Scanner (SVS) locally.

2. Select an application to scan.
   Scan your own application or choose one of our sample apps to see the power of SVS.

3. See if you're infected with Octopus Scanner malware.
   Receive a complete and comprehensive view of the security vulnerabilities, license and quality risks associated with the open source components used in your application.

Octopus Scanner Malware

Scan deployed binaries (not declared manifests) to accurately detect and defeat open source security threats.

The inventors of the novel Octopus Scanner malware are bad actors. They're also kind of clever. You see, they designed their attack to be invisible to, and immune from, manifest-based security scanners.

Being clever, however, is not enough to hide from a binary-based security tool like Sonatype Lifecycle. Powered by patented Advanced Binary Fingerprinting (ABF) technology, Sonatype tools examine binaries as deployed and precisely identify the real risk associated with all embedded dependencies.
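To make the manifest-versus-binary distinction concrete, here is an added illustration that is not Sonatype's code and does not reproduce ABF. It builds a constructed in-memory archive standing in for a deployed build artifact: the manifest declares one dependency, while the archive actually contains a second, undeclared component. A manifest-only check reads the declared list and sees nothing wrong; an inventory of the binary itself lists every embedded component by content hash and surfaces the one the manifest never mentioned. All file names, byte contents and the "undeclared" entry are made up for this example.

```python
import hashlib
import io
import zipfile

# Constructed sample: every name and byte string below is invented for this
# example; none of it is taken from a real artifact or from Octopus Scanner.

def build_sample_archive() -> bytes:
    """Build an in-memory archive standing in for a deployed build artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # The manifest declares exactly one dependency.
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\nClass-Path: lib/commons-io-2.8.0.jar\n")
        zf.writestr("lib/commons-io-2.8.0.jar", b"PK\x03\x04 constructed placeholder bytes")
        # A component that reached the build output without ever being declared.
        zf.writestr("lib/cache-1.0.jar", b"PK\x03\x04 undeclared placeholder bytes")
        zf.writestr("com/example/App.class", b"\xca\xfe\xba\xbe constructed class bytes")
    return buf.getvalue()


def manifest_declared(archive: bytes) -> set[str]:
    """What a manifest-only scan reports: the Class-Path entries and nothing more."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        text = zf.read("META-INF/MANIFEST.MF").decode()
    for line in text.splitlines():
        if line.startswith("Class-Path:"):
            return set(line.split(":", 1)[1].split())
    return set()


def binary_inventory(archive: bytes) -> dict[str, str]:
    """What a binary scan sees: every embedded component, identified by its SHA-256."""
    inventory: dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith("META-INF/"):
                continue
            if info.filename.endswith((".jar", ".class")):
                inventory[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return inventory


def undeclared_components(archive: bytes) -> set[str]:
    """Embedded .jar components that the manifest never declared."""
    declared = manifest_declared(archive)
    embedded = {name for name in binary_inventory(archive) if name.endswith(".jar")}
    return embedded - declared


if __name__ == "__main__":
    sample = build_sample_archive()
    print("manifest declares:", sorted(manifest_declared(sample)))
    print("binary contains:  ", sorted(binary_inventory(sample)))
    print("undeclared:       ", sorted(undeclared_components(sample)))
```

The point of the comparison is that the manifest is self-reported metadata: anything that reaches the build output without being written into it is invisible to a scanner that only reads the manifest. Hashing what is actually inside the deployed archive is what lets a component be identified regardless of what the build claims about itself.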

  • “Scanning binaries as deployed has always been important — but is particularly important now in light of novel software supply chain attacks like Octopus Scanner which are immune to detection by manifest based scanning tools.”

    — Brian Fox, CTO, Sonatype

Understanding your risk is just the beginning.

Automate all of your open source security with the Nexus Platform.


Vet parts early and automatically stop defective open source components from entering your software supply chain.


Manage libraries and store artifacts in a universal repository and share them across development teams.


Empower teams with precise component intelligence to enforce policies and continuously remediate risk.


Identify open source risk and remediate vulnerabilities with precise component intelligence at CI and Deployment.


Free service used by developers to identify known, publicly disclosed, open source vulnerabilities.

Ready to Try Sonatype?

Secure and automate your software supply chain.