Skip to content

Commit

Permalink
Ingest OSV - Cloud Storage
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions committed Jan 24, 2025
1 parent 787137f commit d8033cb
Show file tree
Hide file tree
Showing 69 changed files with 2,857 additions and 1 deletion.
2 changes: 1 addition & 1 deletion config/start-keys.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
ossf-package-analysis:
confident/: confident/20250124/050041-npm-iberia-checkout-999.9.9.json
confident/: confident/20250124/053115-npm-meli-model-999.9.9.json
reversing-labs:
RLMA-: RLMA-2024-11212.json
RLUA-: RLUA-2024-11114.json
42 changes: 42 additions & 0 deletions osv/malicious/npm/iberia-parser/MAL-0000-ossf-package-analysis-eca93207608d2141.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:05:48Z",
"published": "2025-01-24T05:05:48Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in iberia-parser (npm)",
"details": "The OpenSSF Package Analysis project identified 'iberia-parser' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "iberia-parser"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "eca93207608d214136145d5d86c9fda0d83c29002132a2b488fd475aa6c10c8f",
"import_time": "2025-01-24T05:35:08.595646286Z",
"modified_time": "2025-01-24T05:05:48Z",
"versions": [
"999.9.9"
]
}
]
}
}
42 changes: 42 additions & 0 deletions osv/malicious/npm/iberia-payment/MAL-0000-ossf-package-analysis-df55c90f71da02d2.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:15:44Z",
"published": "2025-01-24T05:15:44Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in iberia-payment (npm)",
"details": "The OpenSSF Package Analysis project identified 'iberia-payment' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "iberia-payment"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "df55c90f71da02d24eeb4696aa783de823c705d9f771521b950cafdb2a537c03",
"import_time": "2025-01-24T05:35:10.551694746Z",
"modified_time": "2025-01-24T05:15:44Z",
"versions": [
"999.9.9"
]
}
]
}
}
42 changes: 42 additions & 0 deletions osv/malicious/npm/iberia-sdk/MAL-0000-ossf-package-analysis-9114efb6f53e1090.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:05:46Z",
"published": "2025-01-24T05:05:46Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in iberia-sdk (npm)",
"details": "The OpenSSF Package Analysis project identified 'iberia-sdk' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "iberia-sdk"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "9114efb6f53e10904e0d6476483d50e50570a62201743b0c30f45de8156a7489",
"import_time": "2025-01-24T05:35:08.46625031Z",
"modified_time": "2025-01-24T05:05:46Z",
"versions": [
"999.9.9"
]
}
]
}
}
42 changes: 42 additions & 0 deletions osv/malicious/npm/iberia-service/MAL-0000-ossf-package-analysis-bd156a21b883727d.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:05:48Z",
"published": "2025-01-24T05:05:48Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in iberia-service (npm)",
"details": "The OpenSSF Package Analysis project identified 'iberia-service' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "iberia-service"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "bd156a21b883727d9e4bc5b820a01196330a53b28b1227abd237c16e5a8e90a5",
"import_time": "2025-01-24T05:35:08.716328906Z",
"modified_time": "2025-01-24T05:05:48Z",
"versions": [
"999.9.9"
]
}
]
}
}
42 changes: 42 additions & 0 deletions osv/malicious/npm/iberia-sync/MAL-0000-ossf-package-analysis-3fa775f2b41624be.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:05:52Z",
"published": "2025-01-24T05:05:52Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in iberia-sync (npm)",
"details": "The OpenSSF Package Analysis project identified 'iberia-sync' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "iberia-sync"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "3fa775f2b41624be8acd4b8b6be1dc827dc0012574f46c5baf62b0f4aeaa3440",
"import_time": "2025-01-24T05:35:09.023779769Z",
"modified_time": "2025-01-24T05:05:52Z",
"versions": [
"999.9.9"
]
}
]
}
}
42 changes: 42 additions & 0 deletions osv/malicious/npm/iberia-test/MAL-0000-ossf-package-analysis-34782600b3f9ee71.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:05:50Z",
"published": "2025-01-24T05:05:50Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in iberia-test (npm)",
"details": "The OpenSSF Package Analysis project identified 'iberia-test' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "iberia-test"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "34782600b3f9ee7199f713e88b078821b8ce5da7f26f9779515258d8be6c86e3",
"import_time": "2025-01-24T05:35:08.864339793Z",
"modified_time": "2025-01-24T05:05:50Z",
"versions": [
"999.9.9"
]
}
]
}
}
42 changes: 42 additions & 0 deletions osv/malicious/npm/instacart-event/MAL-0000-ossf-package-analysis-003102423aeb5ea1.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:10:41Z",
"published": "2025-01-24T05:10:41Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in instacart-event (npm)",
"details": "The OpenSSF Package Analysis project identified 'instacart-event' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "instacart-event"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "003102423aeb5ea11be6dd107f680fb93eb897d8c2e772967fd2723e3c50ea24",
"import_time": "2025-01-24T05:35:09.239579615Z",
"modified_time": "2025-01-24T05:10:41Z",
"versions": [
"999.9.9"
]
}
]
}
}
42 changes: 42 additions & 0 deletions osv/malicious/npm/instacart-gateway/MAL-0000-ossf-package-analysis-85e7f03b6318de8c.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:10:49Z",
"published": "2025-01-24T05:10:49Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in instacart-gateway (npm)",
"details": "The OpenSSF Package Analysis project identified 'instacart-gateway' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "instacart-gateway"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "85e7f03b6318de8c9d6b7d97c107c08e382b2c51f628065e22a1c84e163666d2",
"import_time": "2025-01-24T05:35:10.391498968Z",
"modified_time": "2025-01-24T05:10:49Z",
"versions": [
"999.9.9"
]
}
]
}
}
42 changes: 42 additions & 0 deletions osv/malicious/npm/instacart-internal/MAL-0000-ossf-package-analysis-5c4f97fa1af421b8.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
{
"modified": "2025-01-24T05:10:43Z",
"published": "2025-01-24T05:10:43Z",
"schema_version": "1.5.0",
"id": "",
"summary": "Malicious code in instacart-internal (npm)",
"details": "The OpenSSF Package Analysis project identified 'instacart-internal' @ 999.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "instacart-internal"
},
"versions": [
"999.9.9"
]
}
],
"credits": [
{
"name": "OpenSSF: Package Analysis",
"type": "FINDER",
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
]
}
],
"database_specific": {
"malicious-packages-origins": [
{
"source": "ossf-package-analysis",
"sha256": "5c4f97fa1af421b8c267a6d72e7078ff0f45e3007987726e95289b4badf3234d",
"import_time": "2025-01-24T05:35:09.351506119Z",
"modified_time": "2025-01-24T05:10:43Z",
"versions": [
"999.9.9"
]
}
]
}
}
Loading

0 comments on commit d8033cb

Please sign in to comment.