Open source maintainers face an impossible challenge: AI bots are flooding repositories with pull requests—some helpful, some malicious, most just noise. Manual code reviews can't keep pace, and a single compromised dependency can cascade into a supply chain attack affecting millions of users.
In this exclusive interview with Swapnil Bhartiya, CRob, CTO of OpenSSF, and Michael Lieberman, Co-founder and CTO of Kusari, announce that Kusari Inspector is now free for all CNCF and OpenSSF projects. This AI-powered security tool acts like a virtual security engineer, running automated scans, filtering false positives, and identifying real threats—from SQL injections to malicious pipeline changes—before code gets merged.
Key Topics Covered:
How AI-generated code creates new supply chain attack vectors in open source ecosystems
Kusari Inspector's multi-modal approach: GitHub app, GitHub Actions, and CLI integration for agentic workflows
Real-world detection of malicious CI/CD pipeline modifications, supply chain worms, and dependency poisoning attacks
OpenSSF and CNCF partnership strategy to harden projects ahead of EU Cyber Resilience Act (CRA) enforcement
Expert system architecture: combining SAST, secret scanning, and LLMs with prompt engineering to eliminate noise
Read the full story & transcript at www.tfir.io
#OpenSource #SupplyChainSecurity #KusariInspector #OpenSSF #CNCF #KubeCon #CyberResilienceAct #AICodeReview #DevSecOps #CloudNative