**Is your feature request related to a problem? Please describe.**

Malicious packages exist in public repos, and sometimes people bring them in.

**Describe the solution you'd like**

Parse the [DataDog Malicious Packages Dataset](https://github.com/DataDog/malicious-software-packages-dataset) to pull in known-malicious packages and flag them when they appear in the graph. Currently, the dataset provides JSON manifests for known malicious [PyPI](https://github.com/DataDog/malicious-software-packages-dataset/blob/main/samples/pypi/manifest.json) and [NPM](https://github.com/DataDog/malicious-software-packages-dataset/blob/main/samples/npm/manifest.json). I'm thinking this would be a certifier that runs and creates a CertifyBad node for packages.
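A sketch of the matching step such a certifier would need, added here as an example and not part of the original request or the project's code. It assumes each manifest maps a package name to a list of malicious versions, or to `null` when every version is malicious, and that packages in the graph are identified by purls; the function names and sample data are hypothetical, and writing the resulting findings as CertifyBad nodes is left out.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample. Assumed manifest shape: package name -> list of
# malicious versions, or null when every version of the package is malicious.
SAMPLE_MANIFESTS = {
    "pypi": json.loads('{"acme_evil.utils": null, "acme-colors": ["1.0.2", "1.0.3"]}'),
    "npm": json.loads('{"@acme/logger": ["4.2.0"]}'),
}

def normalize(ecosystem, name):
    """Lowercase; PyPI also treats runs of '-', '_' and '.' as equivalent."""
    name = name.lower()
    return re.sub(r"[-_.]+", "-", name) if ecosystem == "pypi" else name

def parse_purl(purl):
    """Split a package URL into (ecosystem, normalized name, version or None)."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl!r}")
    rest = purl[4:].split("#", 1)[0].split("?", 1)[0]
    ecosystem, _, rest = rest.partition("/")
    ecosystem, version = ecosystem.lower(), None
    at = rest.rfind("@")
    # Only an '@' after the last '/' separates the version (npm scopes start with '@').
    if at > rest.rfind("/") and at > 0:
        rest, version = rest[:at], unquote(rest[at + 1:])
    return ecosystem, normalize(ecosystem, unquote(rest)), version

def build_index(manifests):
    """Map (ecosystem, normalized name) -> set of bad versions, or None for all."""
    return {(eco, normalize(eco, name)): None if versions is None else set(versions)
            for eco, manifest in manifests.items()
            for name, versions in manifest.items()}

def find_known_malicious(purls, index):
    """Return (purl, reason) for each package that matches the manifest index."""
    findings = []
    for purl in purls:
        ecosystem, name, version = parse_purl(purl)
        if (ecosystem, name) not in index:
            continue
        bad_versions = index[(ecosystem, name)]
        if bad_versions is None:
            findings.append((purl, "every version is listed as malicious"))
        elif version in bad_versions:
            findings.append((purl, f"version {version} is listed as malicious"))
    return findings
```

Normalizing names on both sides matters for PyPI, where `Acme_Evil.Utils` and `acme-evil-utils` resolve to the same project, so an exact string comparison would miss matches.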