Ingest OSV - Cloud Storage

ossf · Nov 25, 2024 · ddebc1a · ddebc1a
1 parent 60d440e
commit ddebc1a
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
-    confident/: confident/20241123/161326-npm-certain-common-library-99.99.3.json
+    confident/: confident/20241124/100546-pypi-some-random-package-33-2.3.100.json
 reversing-labs:
     RLMA-: RLMA-2024-09529.json
     RLUA-: RLUA-2024-10363.json
diff --git a/osv/malicious/npm/aries-bifold-root/MAL-0000-ossf-package-analysis-ad263058d3e4ba01.json b/osv/malicious/npm/aries-bifold-root/MAL-0000-ossf-package-analysis-ad263058d3e4ba01.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2024-11-25T19:54:13Z",
+  "published": "2024-11-25T19:54:13Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in aries-bifold-root (npm)",
+  "details": "The OpenSSF Package Analysis project identified 'aries-bifold-root' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "aries-bifold-root"
+      },
+      "versions": [
+        "1.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "ad263058d3e4ba0138b6df42bd6e9c50e3b6f7510ff6c31bcaaadba181978c25",
+        "import_time": "2024-11-25T20:06:08.522529666Z",
+        "modified_time": "2024-11-25T19:54:13Z",
+        "versions": [
+          "1.0.0"
+        ]
+      }
+    ]
+  }
+}