By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Tech News

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

By Viral Trending Content 3 Min Read
Share
SHARE

Jul 23, 2025Ravie LakshmananSoftware Integrity / DevSecOps

Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks.

“As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers,” Matthew Suozzo, Google Open Source Security Team (GOSST), said in a blog post this week.

The project aims to provide build provenance for packages across the Python Package Index (Python), npm (JS/TS), and Crates.io (Rust) package registries, with plans to extend it to other open-source software development platforms.

With OSS Rebuild, the idea is to leverage a combination of declarative build definitions, build instrumentation, and network monitoring capabilities to produce trustworthy security metadata, which can then be used to validate the package’s origin and ensure it has not been tampered with.

Cybersecurity

“Through automation and heuristics, we determine a prospective build definition for a target package and rebuild it,” Google said. “We semantically compare the result with the existing upstream artifact, normalizing each one to remove instabilities that cause bit-for-bit comparisons to fail (e.g., archive compression).”

Once the package is reproduced, the build definition and outcome is published via SLSA Provenance as an attestation mechanism that allows users to reliably verify its origin, repeat the build process, and even customize the build from a known-functional baseline.

In scenarios where automation isn’t able to fully reproduce the package, OSS Rebuild offers a manual build specification that can be used instead.

OSS Rebuild, the tech giant noted, can help detect different categories of supply chain compromises, including –

  • Published packages that contain code not present in the public source repository (e.g., @solana/web3.js)
  • Suspicious build activity (e.g., tj-actions/changed-files)
  • Unusual execution paths or suspicious operations embedded within a package that are challenging to identify through manual review (e.g., XZ Utils)
Cybersecurity

Besides securing the software supply chain, the solution can improve Software Bills of Materials (SBOMs), speed up vulnerability response, strengthen package trust, and eliminate the need for CI/CD platforms to be in charge of an organization’s package security.

“Rebuilds are derived by analyzing the published metadata and artifacts and are evaluated against the upstream package versions,” Google said. “When successful, build attestations are published for the upstream artifacts, verifying the integrity of the upstream artifact and eliminating many possible sources of compromise.”

You Might Also Like

Inside the Messy, Accidental Kryptos Reveal

€1.5m all-island project aims to restore oyster reefs to protect Irish coasts

Levoit Aero Cordless Vacuum Review: Self-Emptying Base

Claude Haiku 4.5 Review: Features, Performance & Real-World Costs

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

TAGGED: automation, Cyber Security, Cybersecurity, DevSecOps, Google, Internet, JavaScript, Open Source, Package Management, Python, Rust, Software Integrity, Software Supply Chain, Vulnerability Management
Share This Article
Facebook Twitter Copy Link
Previous Article How MGA Thermal’s Alloy is Changing the Future of Energy
Next Article Ahrefs AI Content Detector | Gold Penguin
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Isabelle Tate’s Cause of Death: What Happened to the ‘9-1-1: Nashville’ Actress?
Celebrity
Pokémon TCG Pocket will count Deluxe: ex cards toward original packs…in 2026
Gaming News
Jurassic World Evolution 3 Guide: How To Build A Balloon Tour
Gaming News
US is sending an aircraft carrier to Latin America in major escalation of military buildup
World News
Sebi allows transfer of PMS business to simplify operations, ease compliance burden
Business
New Bitcoin Improvement Proposal Aims To Improve Privacy: Here’s How
Crypto
Inside the Messy, Accidental Kryptos Reveal
Tech News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Isabelle Tate’s Cause of Death: What Happened to the ‘9-1-1: Nashville’ Actress?

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Isabelle Tate’s Cause of Death: What Happened to the ‘9-1-1: Nashville’ Actress?
October 24, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?