I’ve been tracking these supply-chain incidents as well, so I built a small
real-time scanner that looks for suspicious SHA-1 patterns inside repositories.
It’s basically a lightweight CLI tool you can run directly inside any local
project:
Repo is here: https://github.com/developerjhp/sha1-hulud-scanner

It’s not meant to be a full security product — just a simple “first-pass”
detector that helps catch unexpected checksum strings or injected artifacts
before they slip into CI. Feedback and contributions are welcome!
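For readers who want to see what a "first-pass" SHA-1 detector of this kind boils down to, here is an added example of the basic technique; it is not code from the linked repository and makes no claim about how that tool is implemented. It walks a project tree, flags every 40-hex-character token that is not in an allowlist of expected digests, and skips `.git` and `node_modules` because git object ids have exactly the same shape as SHA-1 checksums. The sample file contents, the allowlist, the file-extension filter and the directory exclusions are all assumptions chosen for illustration.

```python
import os
import re
from typing import Iterable

# A 40-character hex run bounded by non-hex characters: the shape of a SHA-1
# digest. Git object ids look identical, so the walker below skips .git.
SHA1_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{40}(?![0-9a-fA-F])")

# Constructed sample input (assumption, not real project data): one digest a
# lockfile would legitimately pin, and one stray digest smuggled into source.
KNOWN_HASH = "da39a3ee5e6b4b0d3255bfef95601890afd80709"  # SHA-1 of the empty string
SAMPLE_FILE = """const integrity = "da39a3ee5e6b4b0d3255bfef95601890afd80709";
// unrelated code
fetch("https://example.invalid/" + "9f2c8a1b3d4e5f60718293a4b5c6d7e8f9a0b1c2");
"""


def find_sha1_tokens(text: str, allow: Iterable[str] = ()) -> list[tuple[int, str]]:
    """Return (line_number, token) for every SHA-1-shaped token in `text`
    that is not in the allowlist. Comparison is case-insensitive."""
    allowed = {h.lower() for h in allow}
    hits: list[tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in SHA1_RE.finditer(line):
            token = match.group(0).lower()
            if token not in allowed:
                hits.append((lineno, token))
    return hits


def scan_tree(root: str, allow: Iterable[str] = (),
              exts: tuple[str, ...] = (".js", ".ts", ".json", ".py", ".sh"),
              skip_dirs: tuple[str, ...] = (".git", "node_modules")) -> dict[str, list[tuple[int, str]]]:
    """Walk `root` and return {path: [(line, token), ...]} for files that
    contain SHA-1-shaped tokens outside the allowlist."""
    findings: dict[str, list[tuple[int, str]]] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk never descends into excluded directories.
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            if not name.endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_sha1_tokens(fh.read(), allow)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(target, allow=[KNOWN_HASH]).items():
        for lineno, token in hits:
            print(f"{path}:{lineno}: unexpected SHA-1-shaped token {token}")
```

Run it as `python scanner.py path/to/project`. The allowlist is the important knob: seed it with the digests your lockfiles already pin, otherwise every legitimate integrity field is a false positive, and treat anything left over as a lead to inspect rather than proof of compromise, since a 40-hex string is just a shape.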