SQ34203
Detected presence of embedded debug databases.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | medium | low | None | secrets: warning Reason: debugging symbols found |
About the issueโ
Debug databases are typically only used during software development. On Windows, they are usually files embedded into the executable (PDB), while on Linux, they're contained inside special executable sections. The databases contain private debug symbols that make it significantly easier to reverse-engineer a closed-source application. In some cases, having a debug database is equivalent to having access to the source code. Presence of debug databases could indicate that one or more software components have been built using a debug profile, instead of the release. Private debug databases can be embedded into software components by programming language tools.
How to resolve the issueโ
- To remediate this issue and remove private debugging information, refer to your programming language toolchain documentation.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- Nuget: 189K
- PyPi: 403K
- NPM: 2.1M
Recommended readingโ
- Program database (External resource - Wikipedia)
- Debug symbol (External resource - Wikipedia)