Open Source Malware Integration Setup

This guide walks you through connecting the Open Source Malware threat feed to RAD Security so that newly published malicious packages (npm, PyPI, and other ecosystems) flow into your workspace as threat indicators. Open Source Malware curates intelligence on packages, domains, and repositories that have been observed delivering malware in open source ecosystems. With this integration, RAD Security continuously pulls the latest indicators on a schedule and surfaces matches against the workloads, dependencies, and runtime activity it already sees.

Prerequisites

Before you begin, ensure you have:
  • An Open Source Malware account with an API token
  • Access to a RAD Security workspace with integration permissions
If you do not yet have an Open Source Malware account, sign up at opensourcemalware.com and request API access.

Step 1: Generate an Open Source Malware API Token

1. Sign in to Open Source Malware

Sign in to your Open Source Malware account at https://opensourcemalware.com.

2. Create an API Token

  1. Navigate to your Account or API settings
  2. Click Create API token
  3. Give the token a recognizable name (e.g. RAD Security)
  4. Copy the token value
The token is typically shown only once. Store it in a password manager or secrets vault before leaving the page.

Step 2: Configure in RAD Security

In your RAD Security workspace, add a new Open Source Malware integration with the following parameter:

Parameter | Description | Example
API Token | The API token generated in Step 1 | osm_live_...

When you save the integration, RAD Security verifies the token by calling the Open Source Malware API and immediately schedules the recurring threat feed pull.

Verify Integration

  1. Navigate to Data Sources → Integrations in RAD Security
  2. Locate your Open Source Malware integration
  3. Confirm the connection status shows as Connected
  4. After the first sync window, open Threat Vectors / Threat Feeds and filter for the Open Source Malware source to see ingested indicators
Your Open Source Malware integration is now active. RAD Security will continue to pull new malicious package indicators on its sync interval.

What Data is Synced

  • Package name, ecosystem (npm, PyPI, etc.), and affected version range
  • Threat classification, severity, and confidence
  • Discovery date and last-seen timestamp
  • Source URL on opensourcemalware.com
  • Related malicious domains, repositories, and URLs
  • Hashes and identifiers for detected payloads
  • Tags describing the campaign or technique

Use Cases

Dependency Risk

Detect when your repositories or running containers consume packages that match a known malicious indicator.
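The matching described above, sketched as an added example (not RAD Security's or Open Source Malware's code) that checks npm and PyPI dependency files against indicators by ecosystem, normalized package name, and affected version range. The indicator field names, the range syntax, and the package names are assumptions constructed for illustration; the real feed schema is not shown on this page.

```python
import json
import operator
import re

# Constructed indicators; field names are assumptions, not the real feed schema.
INDICATORS = [
    {"ecosystem": "npm", "package": "example-bad-pkg", "affected": "*", "severity": "critical"},
    {"ecosystem": "pypi", "package": "Example_Bad.Pkg", "affected": ">=2.0.0,<2.0.3", "severity": "high"},
]
OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt, "==": operator.eq}

def norm(eco, name):
    """PyPI names ignore case and treat runs of '-', '_', '.' as one '-' (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower() if eco == "pypi" else name

def vkey(version):
    """Sort key for plain dotted release versions (pre-release tags not handled)."""
    return tuple(([int(p) for p in version.split(".") if p.isdigit()] + [0] * 4)[:4])

def in_range(version, spec):
    """True if version meets every comma-separated clause; '*' covers all versions."""
    for clause in ([] if spec.strip() == "*" else spec.split(",")):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<)\s*([\d.]+)\s*", clause)
        if m and not OPS[m[1]](vkey(version), vkey(m[2])):
            return False  # an unparsable clause is ignored, so the package is still flagged
    return True

def npm_deps(lock_text):
    """Dependencies from the 'packages' map of a v2/v3 package-lock.json."""
    pkgs = json.loads(lock_text).get("packages", {})
    return [("npm", path.rsplit("node_modules/", 1)[-1], meta["version"])
            for path, meta in pkgs.items() if path and "version" in meta]

def pypi_deps(req_text):
    """Dependencies from pinned 'name==version' lines of a requirements file."""
    pins = re.finditer(r"^\s*([A-Za-z0-9._-]+)\s*==\s*([^\s;#]+)", req_text, re.M)
    return [("pypi", m[1], m[2]) for m in pins]

def match(deps, indicators):
    """Return (ecosystem, name, version, severity) for each dependency that hits."""
    index = {}
    for ind in indicators:
        index.setdefault((ind["ecosystem"], norm(ind["ecosystem"], ind["package"])), []).append(ind)
    return [(eco, name, ver, ind["severity"]) for eco, name, ver in deps
            for ind in index.get((eco, norm(eco, name)), []) if in_range(ver, ind["affected"])]

# Constructed sample inputs.
LOCK = json.dumps({"packages": {"": {"version": "1.0.0"}, "node_modules/express": {"version": "4.19.2"},
    "node_modules/express/node_modules/example-bad-pkg": {"version": "0.0.7"}}})
REQS = "example-bad-pkg==2.0.2\nflask==3.0.3\n"
```

Keying the index on ecosystem as well as name keeps an npm indicator from flagging a PyPI package that happens to share its name, and nested `node_modules` paths are reduced to the innermost package so transitive dependencies are checked too.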

Supply Chain Threats

Block or alert on workloads that pull a newly disclosed malicious package soon after it is published.

Threat Hunting

Pivot on shared indicators (domains, repos, hashes) to discover related activity across your environment.

Incident Triage

Enrich incidents with curated open source malware context so responders can quickly judge severity.

Troubleshooting

Possible causes:
  • API token was copied incorrectly (extra spaces or truncated value)
  • Token was revoked or rotated in Open Source Malware
Solution:
  • Re-copy the token from the Open Source Malware UI
  • Generate a new token if the previous one was revoked, and update the RAD Security integration

Possible causes:
  • The first scheduled poll has not yet run
  • The API token is valid but does not have access to the relevant ecosystem feeds
Solution:
  • Wait for at least one sync interval to complete
  • Check the integration’s Last sync timestamp in RAD Security
  • Contact Open Source Malware support if you expect access to feeds that are not appearing

  1. Generate a new token in Open Source Malware
  2. Edit the integration in RAD Security and replace the API Token value
  3. Save — RAD Security re-verifies on save
  4. Revoke the old token in Open Source Malware

Security Best Practices

Dedicated Token

Use a token created specifically for the RAD Security integration so it can be rotated and audited independently.

Rotate Regularly

Rotate the API token on a schedule that matches your security policy (e.g. every 90 days).

Secret Storage

Store the API token in a secrets manager. Never commit it to source control or share it in chat.

Monitor Sync Health

Watch the integration’s Last sync status — a stale sync usually means the token has expired or has been revoked.

Next Steps

Data Sources

Explore all available data sources

Vulnerabilities

Combine open source malware indicators with vulnerability scanners

Workspace

Triage threat feed findings alongside other security signals

Engineering Integrations

Connect engineering platforms to map indicators to your repositories