CPC G06F 21/577 (2013.01) [G06F 21/565 (2013.01)]; 16 Claims

1. A method comprising:
obtaining, by a computing system, metadata associated with source code of a software package;
determining, by the computing system and based on the metadata associated with source code, whether there are any anomalies associated with the source code;
in response to determining that there is at least one anomaly associated with the source code, computing, by the computing system, an overall risk level for the software package, wherein computing the overall risk level for the software package is based on an author risk score that specifies a value that indicates a risk level of behavior of the author, a popularity score that specifies a value that indicates the popularity of the software package, and a health score that specifies a value that indicates a health of the software package; and
performing, by the computing system, an action based on the overall risk level for the software package, wherein performing the action comprises blocking use of the software package in a software product.
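The claimed pipeline as an added Python example (not the patent's own code): source metadata in, an anomaly check, then an overall risk level computed from the author risk, popularity and health scores, and a block decision. The anomaly heuristics, the weighted-sum combination, the 0..1 score ranges and the block threshold are all assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class SourceMetadata:
    """Metadata a registry or build system could expose for a package's source (constructed fields)."""
    name: str
    version: str
    maintainers: list[str]            # maintainers listed on this release
    previous_maintainers: list[str]   # maintainers listed on the prior release
    release_matches_tagged_commit: bool   # release artifact traceable to a tagged commit?
    has_install_hooks: bool               # pre/post-install scripts declared in the manifest
    author_risk_score: float   # 0.0 (benign history) .. 1.0 (risky behaviour); assumed range
    popularity_score: float    # 0.0 (unused) .. 1.0 (widely used); assumed range
    health_score: float        # 0.0 (unmaintained) .. 1.0 (healthy); assumed range


def find_anomalies(md: SourceMetadata) -> list[str]:
    """Derive anomaly indicators purely from the metadata (heuristics are assumptions)."""
    anomalies = []
    if set(md.maintainers) - set(md.previous_maintainers):
        anomalies.append("new-maintainer")
    if not md.release_matches_tagged_commit:
        anomalies.append("release-not-from-tagged-commit")
    if md.has_install_hooks:
        anomalies.append("install-hooks-present")
    return anomalies


def overall_risk_level(md: SourceMetadata, w_author=0.5, w_popularity=0.25, w_health=0.25) -> float:
    """Combine the three scores into one 0..1 risk level (weighted sum is an assumption).
    Low popularity and low health should raise risk, so both are inverted."""
    return round(w_author * md.author_risk_score
                 + w_popularity * (1.0 - md.popularity_score)
                 + w_health * (1.0 - md.health_score), 4)


def evaluate_package(md: SourceMetadata, block_threshold: float = 0.6) -> dict:
    """Run the full pipeline; risk is only computed when at least one anomaly exists."""
    anomalies = find_anomalies(md)
    if not anomalies:
        return {"package": md.name, "anomalies": [], "risk": None, "action": "allow"}
    risk = overall_risk_level(md)
    action = "block" if risk >= block_threshold else "allow-with-review"
    return {"package": md.name, "anomalies": anomalies, "risk": risk, "action": action}


# Constructed sample metadata for two hypothetical packages.
SUSPECT = SourceMetadata("pad-left-ng", "2.0.1", ["new-dev"], ["orig-dev"], False, True, 0.8, 0.2, 0.3)
HEALTHY = SourceMetadata("http-lib", "3.1.0", ["core"], ["core"], True, False, 0.1, 0.9, 0.9)

if __name__ == "__main__":
    for md in (SUSPECT, HEALTHY):
        print(evaluate_package(md))
```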