Skip to content

Commit

Permalink
Ingest OSV - Cloud Storage
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions committed Dec 21, 2024
1 parent 2464041 commit 5eec02a
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 1 deletion.
2 changes: 1 addition & 1 deletion config/start-keys.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
ossf-package-analysis:
confident/: confident/20241220/163811-npm-blz-internal-pkg_update-7.7.15.json
confident/: confident/20241220/164054-npm-blz-internal-pkg_update-7.7.16.json
reversing-labs:
RLMA-: RLMA-2024-11212.json
RLUA-: RLUA-2024-11114.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2024-12-21T04:45:44Z",
"published": "2024-12-21T04:45:44Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in lerna-monorepo2 (npm)",
"details": "The OpenSSF Package Analysis project identified 'lerna-monorepo2' @ 9.9.10 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "lerna-monorepo2"
},
"versions": [
"9.9.10"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "e474e9abebf06f8db38fa9d817977582d4afb15e4028b15b060b7cb6b0ddd3a3",
"import_time": "2024-12-21T05:05:17.935648512Z",
"modified_time": "2024-12-21T04:45:44Z",
"versions": [
"9.9.10"
]
}
]
}
}

0 comments on commit 5eec02a

Please sign in to comment.