International Journal of Science and Research (IJSR)


ISSN: 2319-7064



United States | Computer Science and Information Technology | Volume 14 Issue 9, September 2025 | Pages: 343 - 350


A Comprehensive Review of Open-Source Malware Scanners in the Software Supply Chain

Karthikeyan Thirumalaisamy

Abstract: The increasing adoption of open-source software (OSS) makes the software supply chain an attractive target for advanced cyberattacks. Malicious packages or dependencies (also known as dependency confusion) and trojanized components (also known as supply chain interception) have been identified as growing risks, and publicly reported attacks have exposed the risks associated with supply chain security. Many security tools are available, but a systematic overview of open-source malware scanners for protecting the software supply chain is missing. This paper classifies and evaluates open-source malware scanners by their detection paradigm, whether they integrate into the software development lifecycle (SDLC), and whether they protect the user from supply chain risks. It categorizes the scanners into three types: static analysis tools (e.g. heuristics-based scanners and Semgrep rules), signature-based scanners (e.g. YARA, ClamAV), and behavioral analysis tools that evaluate code at runtime. It also provides an overview and comparison of selected tools against specific criteria: detection effectiveness, CI/CD integration, and support from the OSS community. The paper identifies the trade-offs, such as the speed with which static analysis surfaces potential issues versus the depth of discovery through dynamic analysis, and the limitations of the current landscape, such as obfuscated malware and false positives, and offers practitioners and researchers practical information for securing a modern software ecosystem.
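As an added illustration of the first scanner category (heuristics-based static analysis), the following Python program is not code from the paper or from any of the tools it reviews. It parses a Python package install script with the standard `ast` module and weights install-time patterns that are common in malicious packages: `exec`/`eval`, base64 decoding, shell command execution and network imports. The two sample scripts, the rule names, the weights and the threshold are constructed assumptions chosen to show the approach.

```python
import ast
from dataclasses import dataclass

# Constructed sample of a setup.py-style install script that executes code
# at install time (not taken from any real package); used to exercise the rules.
SUSPICIOUS_SAMPLE = '''
import base64, os, subprocess
from setuptools import setup
payload = base64.b64decode("cHJpbnQoJ2hpJyk=")
exec(payload)
os.system("id")
setup(name="demo")
'''

# Constructed benign setup.py for comparison.
BENIGN_SAMPLE = '''
from setuptools import setup
setup(name="demo", version="1.0", packages=["demo"])
'''


@dataclass(frozen=True)
class Finding:
    rule: str    # heuristic rule that fired
    line: int    # source line in the scanned script
    detail: str  # the call or module that triggered it


# Rule weights are illustrative assumptions, not values from any real scanner.
WEIGHTS = {
    "dynamic-code-exec": 5,
    "base64-decode": 3,
    "shell-command": 4,
    "network-import": 2,
}

SHELL_FUNCS = {("os", "system"), ("os", "popen"), ("subprocess", "run"),
               ("subprocess", "Popen"), ("subprocess", "call"),
               ("subprocess", "check_output")}
NETWORK_MODULES = {"socket", "urllib", "requests", "http"}


def _dotted(node):
    """Return (module, attr) for a call target such as os.system, else None."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return node.value.id, node.attr
    return None


def scan_source(src: str):
    """Walk the AST once and collect every heuristic match."""
    tree = ast.parse(src)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                root = alias.name.split(".")[0]
                if root in NETWORK_MODULES:
                    findings.append(Finding("network-import", node.lineno, root))
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if root in NETWORK_MODULES:
                findings.append(Finding("network-import", node.lineno, root))
        elif isinstance(node, ast.Call):
            f = node.func
            if isinstance(f, ast.Name) and f.id in {"exec", "eval"}:
                findings.append(Finding("dynamic-code-exec", node.lineno, f.id))
            elif isinstance(f, ast.Attribute) and f.attr == "b64decode":
                findings.append(Finding("base64-decode", node.lineno, "b64decode"))
            elif _dotted(f) in SHELL_FUNCS:
                findings.append(Finding("shell-command", node.lineno, ".".join(_dotted(f))))
    return findings


def risk_score(findings):
    """Additive score: a single exec/eval already crosses the default threshold."""
    return sum(WEIGHTS[f.rule] for f in findings)


def classify(src: str, threshold: int = 5):
    """Return (verdict, score, findings) for one install script."""
    findings = scan_source(src)
    score = risk_score(findings)
    verdict = "suspicious" if score >= threshold else "clean"
    return verdict, score, findings


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        verdict, score, findings = classify(sample)
        print(f"{label}: {verdict} (score {score})")
        for f in findings:
            print(f"  line {f.line}: {f.rule} [{f.detail}]")
```

The scanner runs in milliseconds per file, which is the velocity advantage the abstract attributes to static analysis; the cost is that every rule keys on literal names in the syntax tree, so code that reaches the same functions through obfuscated or dynamically constructed lookups produces no finding, which is the obfuscation limitation the abstract notes and the reason such heuristics are paired with signature and behavioral scanners in a CI/CD pipeline.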

Keywords: Supply chain, Malware Scanning, Behavioral analysis, Threat detection, Static analysis, Dynamic analysis

How to Cite?: Karthikeyan Thirumalaisamy, "A Comprehensive Review of Open-Source Malware Scanners in the Software Supply Chain", Volume 14 Issue 9, September 2025, International Journal of Science and Research (IJSR), Pages: 343-350, https://www.ijsr.net/getabstract.php?paperid=SR25908114201, DOI: https://dx.doi.org/10.21275/SR25908114201

