TBC
No due date • 0/1 issues closed

Extend the data being processed to include more from the following sources:

- strace log
- pcap network traffic
- podman/OS statistics

In particular, filesystem calls such as chmod, chown, mkdir, rmdir, symlink, link, and others aren't being used. Additionally, there is a desire to capture resource usage (memory, CPU, etc.) too. There may also be other interesting data that can be extracted. To support more data being extracted, the output format may need to be improved.
No due date • 2/5 issues closed

Currently we use some custom saved SQL queries for BigQuery to analyze the Package Analysis result data for malicious samples. This has worked reasonably well so far at finding malicious packages, but it requires regular effort to monitor the output of these queries. To scale this further it would be good to automate this away - improving efficiency and broadening the scope of what we are able to hunt for.
No due date

Some notable samples failed to be ingested and scanned by the analysis pipeline:

- `hipid`, `hpid` and `ecopower` are all missing from our analysis (see: https://jfrog.com/blog/jfrog-discloses-3-remote-access-trojans-in-pypi/)
- `node-ipc` was scanned, but v9.2.2 was not (see: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/)

Past analysis shows that there may be bugs with https://github.com/ossf/package-feeds, particularly with broken encoding. There may also be issues with how frequently each package repo is being scanned by package-feeds.
No due date