Skip to content

Commit

Permalink
Ingest OSV - Cloud Storage
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions committed Dec 23, 2024
1 parent dcb88a4 commit 32db947
Show file tree
Hide file tree
Showing 3 changed files with 85 additions and 1 deletion.
2 changes: 1 addition & 1 deletion config/start-keys.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
ossf-package-analysis:
confident/: confident/20241223/141826-npm-bridge-transaction-parser-hop400-1.2.0.json
confident/: confident/20241223/142610-npm-wdio-common-1.1.0.json
reversing-labs:
RLMA-: RLMA-2024-11212.json
RLUA-: RLUA-2024-11114.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2024-12-23T19:50:54Z",
"published": "2024-12-23T19:50:54Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in testforyt7hb (npm)",
"details": "The OpenSSF Package Analysis project identified 'testforyt7hb' @ 1.2.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "testforyt7hb"
},
"versions": [
"1.2.0"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "7ffea609123713e81da0d17141ca37dca97eaa7848afcbf299d969e5108ce7e2",
"import_time": "2024-12-23T20:05:43.202168215Z",
"modified_time": "2024-12-23T19:50:54Z",
"versions": [
"1.2.0"
]
}
]
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2024-12-23T19:45:57Z",
"published": "2024-12-23T19:45:57Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in testforyt7hb (npm)",
"details": "The OpenSSF Package Analysis project identified 'testforyt7hb' @ 1.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "testforyt7hb"
},
"versions": [
"1.1.0"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "8d8cc4117fc59a58b4d90473f5d25069af8ce575c452c4a1a275007a5fd279b2",
"import_time": "2024-12-23T20:05:43.107177275Z",
"modified_time": "2024-12-23T19:45:57Z",
"versions": [
"1.1.0"
]
}
]
}
}

0 comments on commit 32db947

Please sign in to comment.