SQ25101
Detected unsupported archive or software packaging formats.
| priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
|---|---|---|---|---|---|
 | pass | low | high | None | None |
About the issueโ
Proprietary ReversingLabs analysis engine supports a wide range of commonly used archive and software packaging formats. Using automated static file decomposition technologies, the engine recursively analyzes complex software packages. Software analysis is typically conducted in multiple steps. Content identification, unpacking, validation, and classification are some of the steps performed on each analyzed file. The analysis engine may sometimes identify archive or software packaging formats that are not supported for deep file inspection or unpacking. This issue is reported for files that might contain additional software components that were not listed in the Software Bill of Materials (SBOM) due to lack of packaging format support. File reputation lookup and surface level analysis are still performed for all unsupported file formats. Therefore, some files might get detected as malicious even though they are packaged in an unsupported format.
How to resolve the issueโ
- Consult the ReversingLabs product documentation for a list of supported archive and software packaging formats.
- Consider repackaging the software in an alternative file format to increase the analysis coverage.
- Contact the ReversingLabs product management team to discuss our format coverage roadmap.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total amount of packages analyzed
- RubyGems: 183K
- Nuget: 644K
- PyPi: 628K
- NPM: 3.72M