SQ30105
Detected presence of known software supply chain attack artifacts.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | fail | high | high | 1 | malware: fail Reason: supply chain attack artifacts |
About the issueโ
Proprietary ReversingLabs malware detection algorithms have determined that the software package contains one or more malicious components. The detection was made by either a static byte signature, software component identity, or a complete file hash. This malware detection method is considered highly accurate, and can typically attribute malware to previously discovered software supply chain attacks. It is common to have multiple supply chain attack artifacts that relate to a single malware incident.
How to resolve the issueโ
- If the software intent does not relate to malicious behavior, investigate the build and release environment for software supply chain compromise.
- Avoid using this software package.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- Nuget: 189K
- PyPi: 403K
- NPM: 2.1M
Recommended readingโ
- A (Partial) History of Software Supply Chain Attacks (ReversingLabs blog)
- Software supply chain security (ReversingLabs glossary)
- Component analysis (External resource - OWASP)