SQ30103
Detected presence of potentially unwanted applications.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
| | fail | medium | high | 2 | malware: fail Reason: undesirable applications found |
About the issue
Potentially unwanted applications (PUAs) can be considered a risk by some software package users. These threat types are typically used for collecting private user data, or in more extreme cases, for security mechanism tampering. Most threat prevention solutions detect and block PUAs. Software packages that trigger security solution detections also tend to increase the number of support calls and open tickets from users.
How to resolve the issue
- Revise the use of components that raise these alarms. If you can't deprecate those components, make sure they are well-documented.
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total number of packages analyzed:
- RubyGems: 174K
- NuGet: 189K
- PyPI: 403K
- npm: 2.1M
Recommended reading
- Potentially unwanted program (External resource - Wikipedia)
- Potentially Unwanted Apps Masquerade as Well Behaved Applications (ReversingLabs blog)