Is Octopus Scanner Malware Lurking Inside of Your Open Source IDE?

Scan binaries (not manifests) to detect and defeat the Octopus Scanner malware.

Scan an Application

Examining your own application does not expose your source and binary code in any way.

Detect Octopus Scanner in 3 easy steps.

Download Nexus Vulnerability Scanner (NVS).

Submit the form to download NVS locally.

Select an application to scan.

Scan your own application or choose a sample.

See if you're infected with Octopus Scanner Malware.

Check your email for a link to your Software Bill of Materials (SBOM) and see if your app contains abnormal or modified dependencies.

Octopus Scanner Malware

Scan deployed binaries (not declared manifests) to accurately detect and defeat open source security threats.

The inventors of the novel Octopus Scanner malware are bad actors. They're also kind of clever. You see, they designed their attack to be invisible and immune to manifest-based security scanners.

Being clever, however, is not enough to hide from a binary-based security tool like Nexus Lifecycle. Powered by patented Advanced Binary Fingerprinting (ABF) technology, Nexus tools examine binaries as deployed and precisely identify real risk associated with all embedded dependencies.

  • “Scanning binaries as deployed has always been important — but is particularly important now in light of novel software supply chain attacks like Octopus Scanner which are immune to detection by manifest-based scanning tools.”

    -Brian Fox, CTO, Sonatype

Understanding your risk is just the beginning.

Automate all of your open source security with the Nexus Platform.

Nexus Firewall

Vet parts early and automatically stop defective components from entering your DevOps pipeline.

Nexus Repository

Manage libraries and store artifacts in a universal repository and share them across development teams.

Nexus Lifecycle

Empower teams with precise component intelligence to enforce policies and continuously remediate risk.

Nexus Lifecycle Foundation

Identify open source risk and remediate vulnerabilities with precise component intelligence at CI and Deployment.

OSS Index

Free service used by developers to identify known, publicly disclosed, open source vulnerabilities.
