Abstract: Systems and methods for a security tool that verifies the security of a software package. An example method may involve identifying a plurality of components contained in a software package comprising one of a JAR file, an Android application package, a docker image, a container file, or a virtual machine image; comparing the components contained in the software package to a list of known components; classifying the software package as insecure when at least one of the components matches an insecure component, or as secure when each of the compared components matches a corresponding secure component on the list of known components; preventing addition of the software package to a software repository when the software package is classified as insecure; and when insecure, providing an interface to enable a user to request the components of the software package be added as a secure component on the list of known components.

Abstract: Systems and methods for a security tool that verifies the security of a software package. An example method may involve identifying a plurality of components contained in a software package comprising one of a JAR file, an Android application package, a docker image, a container file, or a virtual machine image; comparing the components contained in the software package to a list of known components; classifying the software package as insecure when at least one of the components matches an insecure component, or as secure when each of the compared components matches a corresponding secure component on the list of known components; preventing addition of the software package to a software repository when the software package is classified as insecure; and when insecure, providing an interface to enable a user to request the components of the software package be added as a secure component on the list of known components.

Abstract: A software repository offering a software package or a computing system downloading a software package can utilize a security tool to verify the security of the software package. The security tool can check and verify that the software package is secure utilizing a black list of components. To check the security, the security tool can compare the components (archival files) of the software package to the black list. A black list can include a list of components that are known to be insecure.

Abstract: A software repository offering a software package or a computing system downloading a software package can utilize a security tool to verify the security of the software package. The security tool can check and verify that the software package is secure utilizing a black list of components. To check the security, the security tool can compare the components (archival files) of the software package to the the black list. A black list can include a list of components that are known to be insecure.