Skip to content

Commit

Permalink
Ingest OSV - Cloud Storage
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions committed Dec 24, 2024
1 parent 9450803 commit db2d23a
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 1 deletion.
2 changes: 1 addition & 1 deletion config/start-keys.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
ossf-package-analysis:
confident/: confident/20241223/175602-npm-cloudinary-ct-run-sub-1.1.0.json
confident/: confident/20241223/175808-npm-tree-sitter-dockerfile-1.1.0.json
reversing-labs:
RLMA-: RLMA-2024-11212.json
RLUA-: RLUA-2024-11114.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2024-12-24T17:55:44Z",
"published": "2024-12-24T17:55:44Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in gravity-bridge-site (npm)",
"details": "The OpenSSF Package Analysis project identified 'gravity-bridge-site' @ 1.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "gravity-bridge-site"
},
"versions": [
"1.1.0"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "ae232ba265c5a6f6819814f2baf364c618baaaac7305273d18133f5eebab1f95",
"import_time": "2024-12-24T18:06:39.437501354Z",
"modified_time": "2024-12-24T17:55:44Z",
"versions": [
"1.1.0"
]
}
]
}
}

0 comments on commit db2d23a

Please sign in to comment.