SQ30202
Detected presence of software components with advertising-supported dependencies.
priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
---|---|---|---|---|---|
fail | medium | high | 2 | malware: fail Reason: adware dependencies found |
About the issue
Advertising-supported software (adware) is treated as a risk by many software users. Components of this type typically collect private user data or, in more extreme cases, automatically install other unwanted software. Most threat prevention solutions detect and block adware. Some of these dependencies may be optional and are installed or downloaded only when a pre-defined condition is met, so they are not always visible in a default install. When such dependencies are confirmed within the software package, additional issues may also be reported for the same package. Software packages that trigger security solution detections also tend to increase the number of support calls and open tickets from users.
How to resolve the issue
- Review the use of components that trigger this issue and remove or replace them where possible. If you can't deprecate those components, make sure their presence and purpose are well-documented.
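As an added illustration of that remediation step (example code, not ReversingLabs or Spectra Assure code), the script below gates a build on advertising-supported dependencies: it reads an npm-style manifest, flags required and optional dependencies that appear on a denylist, and reports `fail` unless every flagged component has a documented, unexpired exception naming an owner and a justification. The component names, the manifest and the exception register are constructed placeholders, not real packages or findings.

```python
"""Added example (not ReversingLabs code): a small CI gate for advertising-supported
dependencies. Reads an npm-style manifest, flags components on a denylist, and
fails the build unless every flagged component has a documented exception."""
from dataclasses import dataclass
from datetime import date

# Constructed denylist: hypothetical component names, not real packages.
# In practice this would be fed by scanner findings or a curated list.
AD_SUPPORTED_COMPONENTS = {
    "example-ads-sdk": "bundles an advertising SDK that reports device identifiers",
    "example-toolbar-installer": "downloads an unrelated browser toolbar when a condition is met",
}

# Constructed sample manifest (package.json shape). Optional dependencies are
# tracked separately because they may only be installed under some condition.
SAMPLE_MANIFEST = {
    "name": "sample-app",
    "dependencies": {"left-pad-like": "^1.0.0", "example-ads-sdk": "^4.2.0"},
    "optionalDependencies": {"example-toolbar-installer": "~0.9.0"},
}

# Constructed exception register: the "well-documented" part of the remediation.
SAMPLE_EXCEPTIONS = {
    "exceptions": [
        {"component": "example-ads-sdk", "owner": "team-mobile",
         "justification": "required by the free tier; ads disabled in enterprise build",
         "expires": "2999-01-01"},
    ]
}


@dataclass
class Finding:
    component: str
    version_spec: str
    optional: bool
    reason: str
    documented: bool


def load_exceptions(doc, today=None):
    """Return exceptions that name a component, owner, justification and an unexpired ISO date."""
    today = today or date.today()
    valid = {}
    for entry in doc.get("exceptions", []):
        if not all(entry.get(k) for k in ("component", "owner", "justification", "expires")):
            continue  # incomplete entry: does not count as documentation
        try:
            if date.fromisoformat(entry["expires"]) < today:
                continue  # expired exception no longer counts
        except ValueError:
            continue  # unparseable date: treat as undocumented
        valid[entry["component"]] = entry
    return valid


def scan_manifest(manifest, exceptions_doc, today=None):
    """Flag every dependency (required or optional) that is on the denylist."""
    exceptions = load_exceptions(exceptions_doc, today)
    findings = []
    for section, optional in (("dependencies", False), ("optionalDependencies", True)):
        for name, spec in manifest.get(section, {}).items():
            if name in AD_SUPPORTED_COMPONENTS:
                findings.append(Finding(name, spec, optional,
                                        AD_SUPPORTED_COMPONENTS[name], name in exceptions))
    return findings


def ci_status(findings):
    """'fail' if any flagged component lacks a documented exception, else 'pass'."""
    return "fail" if any(not f.documented for f in findings) else "pass"


if __name__ == "__main__":
    results = scan_manifest(SAMPLE_MANIFEST, SAMPLE_EXCEPTIONS)
    for f in results:
        kind = "optional" if f.optional else "required"
        print(f"{f.component} {f.version_spec} ({kind}): {f.reason}; documented={f.documented}")
    print("CI/CD status:", ci_status(results))
```

With the sample data the gate fails, because the optional toolbar installer has no exception entry; adding one with an owner, justification and expiry flips the status to `pass`. Requiring an expiry date keeps the documentation honest: a flagged component that was accepted years ago is re-examined rather than silently waved through.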
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total number of packages analyzed
- RubyGems: 183K
- NuGet: 644K
- PyPI: 628K
- npm: 3.72M
Recommended reading
- Adware (External resource - Wikipedia)
- Dependency management - Software supply chain security (External resource - Google Cloud)