The Sched app allows you to build your schedule, but it is not a substitute for event registration. To participate in the sessions, you must be registered for OpenSSF Community Day India 2025. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in India Standard Time. To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.
Schedule is subject to change.
Open source ecosystems frequently face supply chain attacks via malicious packages hidden in trusted registries. vet is an open-source security tool designed specifically to detect potentially malicious packages through behavioral and heuristic analysis.
This session covers:
Supply chain attacks: Brief overview and recent cases of malware found in popular ecosystems such as npm and PyPI.
Vet introduction: How vet identifies suspicious packages beyond traditional CVE-based scanning (Malware Analysis Docs: https://docs.safedep.io/cloud/malware-analysis).
Technical walkthrough: Practical use of vet in CI/CD pipelines and developer workflows (CLI and GitHub Actions examples).
Actionable outcomes: Understanding and responding to vet results effectively.
Teja is a developer advocate, podcaster and open-source contributor. His interest lies in understanding and improving the developer experience and evangelizing through the developer community.