__s 5 hours ago

There are companies like Helix Guard scanning registries. They advertise static analysis / LLM analysis, but honeypot instances can also install packages & detect certain files like cloud configs being accessed.

Yokohiii 3 hours ago | parent [-]

But relying on the goodwill of commercial sec vendors is its own infrastructure risk.

perlgeek 22 minutes ago | parent | next [-]

You can also pay a commercial sec vendor if you don't want to rely on their goodwill.

limagnolia an hour ago | parent | prev [-]

So don't rely on their goodwill? Instead, pay them, under a contract... or do it yourself.