Trendora

Chainguard source code scanner

Assess

Tools

A code-scanning tool that analyzes packages for malware and greyware behavior.

Why it's here

Placed in Assess: 1 article of evidence from 1 source, led by security coverage, with 1 in the last 30 days. Confidence 24%. Accumulated evidence is low, so the placement defaults conservatively pending more signal.

Evidence (1)

  • 8 · The New Stack · 6/11/2026 · security
    Chainguard flags greyware in open-source packages

    Chainguard says its new source code scanner is detecting not only malware but also “greyware” in public registries, meaning packages that behave as advertised while also including harmful capabilities. The company says it has scanned over 100,000 packages per day and blocked more than 52,000 packages identified as malware or greyware, with examples on npm involving credential theft, token exfiltration, and persistent backdoors.