As software projects continue to grow, developers tend to use more and more third-party libraries. That makes shipping new features faster and more efficient. However, every library written by someone else is code you did not review, and it can behave in ways you do not expect.

There's been a growing number of software supply chain attacks leveraging modules containing malicious code. GitLab has come up with a new tool called Package Hunter to prevent these attacks.

How Does Package Hunter Work?

Package Hunter is a tool that monitors the dependencies a project pulls in and alerts developers to unwanted behavior. It's an open-source project developed by the GitLab security team. At the time of writing, Package Hunter works with NodeJS modules and Ruby Gems.

It analyzes your program's dependencies to look for malicious code. To do this, Package Hunter will install the required modules in a sandbox environment and monitor the system calls. If any of these system calls look suspicious or out of the ordinary, Package Hunter will alert the developer immediately.

Under the hood, Package Hunter uses Falco, a cloud-native security project that detects threats at runtime. This reduces the time developers would otherwise spend reviewing dependency code by hand.
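To make the sandbox-and-monitor idea concrete, here is an added example (not GitLab's Package Hunter code and not its real ruleset) that triages a constructed list of syscall-style events, in the shape a Falco-like sensor would emit while a dependency's install scripts run, and raises findings for credential reads, connections to non-registry hosts, and unexpected child processes. The process allowlist, registry hosts and sensitive paths are assumptions for illustration.

```python
# Added example (not GitLab's Package Hunter code): a toy triage pass over
# syscall events as a Falco-style sensor might emit them while a dependency's
# install scripts run in a sandbox. Rules, paths and hosts below are
# constructed assumptions, not Package Hunter's actual ruleset.
from dataclasses import dataclass

EXPECTED_PROCS = {"npm", "node", "gem", "bundle", "make", "gcc", "node-gyp"}
REGISTRY_HOSTS = {"registry.npmjs.org", "rubygems.org"}   # assumed allowlist
SENSITIVE_PREFIXES = ("/root/.ssh/", "/root/.npmrc", "/root/.gem/", "/etc/shadow")

@dataclass(frozen=True)
class Event:
    syscall: str   # "execve", "connect" or "openat"
    proc: str      # process that issued the call
    arg: str       # spawned command, "host:port", or file path

def triage(events):
    """Return (severity, reason, event) findings for one sandboxed install."""
    findings = []
    for ev in events:
        if ev.syscall == "openat" and ev.arg.startswith(SENSITIVE_PREFIXES):
            findings.append(("HIGH", "install script read credential material", ev))
        elif ev.syscall == "connect" and ev.arg.split(":")[0] not in REGISTRY_HOSTS:
            findings.append(("HIGH", "outbound connection to non-registry host", ev))
        elif ev.syscall == "execve" and ev.arg not in EXPECTED_PROCS:
            findings.append(("MEDIUM", "unexpected process spawned during install", ev))
    return findings

def verdict(events):
    """Collapse findings into the alert level a CI job would act on."""
    sev = {s for s, _, _ in triage(events)}
    return "HIGH" if "HIGH" in sev else "MEDIUM" if sev else "CLEAN"

# Constructed sample traces: a normal native-module build, then an install
# whose script reads an SSH key and connects to an unknown host.
BENIGN = [
    Event("connect", "npm", "registry.npmjs.org:443"),
    Event("execve", "npm", "node-gyp"),
    Event("execve", "node-gyp", "make"),
    Event("openat", "gcc", "/tmp/build/src/addon.cc"),
]
SUSPICIOUS = [
    Event("connect", "npm", "registry.npmjs.org:443"),
    Event("execve", "node", "sh"),
    Event("openat", "sh", "/root/.ssh/id_rsa"),
    Event("connect", "curl", "203.0.113.7:443"),   # TEST-NET-3 placeholder address
]

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, verdict(trace), [reason for _, reason, _ in triage(trace)])
```

Running it reports the benign trace as CLEAN and the suspicious one as HIGH with three findings.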

How to Use Package Hunter in Your Projects

Package Hunter integrates with existing GitLab tooling. To use it for your project, first install the software on your local machine. Follow these instructions to install Package Hunter.

Note that this package requires Falco 0.23.0, Docker 20.10 (or later), and Node 12.21 (or later). You can start using Package Hunter in CI pipelines after installation is complete. Follow these instructions to use Package Hunter in CI pipelines.

Safeguard Your Software Using Package Hunter

GitLab's Package Hunter is an effective tool for developers who want to check their projects' dependencies for malicious code. As supply chain attacks become increasingly common, we need to adapt fast to protect our software. Understanding how these attacks work is crucial to safeguarding your next big project.