Malicious Packages Detection

Malicious Packages vs. Common Vulnerabilities and Exposures

Malicious packages and traditional Common Vulnerabilities and Exposures (CVEs) both pose security risks to software applications, but they differ in their origin and nature.

Traditional CVEs typically refer to unintentional vulnerabilities or weaknesses in legitimate software, resulting from coding errors, design flaws, or configuration issues. These vulnerabilities can be exploited by attackers to gain unauthorized access, cause a denial of service, or execute other malicious actions.

In contrast, malicious packages are intentionally designed by threat actors to masquerade as legitimate software while incorporating harmful functionality, such as data theft, remote access, or system compromise. Malicious packages can be distributed through public repositories, supply chain attacks, or social engineering tactics, and they often exploit the trust placed in open-source software and package managers. While addressing traditional CVEs often involves patching or updating affected software, mitigating malicious packages requires detecting and removing them from both the software supply chain and the development environment, and implementing measures to prevent their introduction in the first place.

Malicious Package Detection

The GitGuardian SCA module integrates with leading open source vulnerability databases, which provide up-to-date information on known malicious packages and indicators of compromise. This lets the module identify new and emerging threats in your existing dependencies as soon as they are disclosed.

When a malicious package is detected, GitGuardian follows the same approach as for traditional CVEs: it automatically creates an incident in the incident Dashboard. Such incidents are highlighted with a Malicious severity and always carry an EPSS and CVSS score ranked 10, since they are designed to introduce a vulnerability that is most likely to be exploited.

Additional details are available from the incident's information panel to assist you in the remediation process.
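To make the mechanism above concrete, here is an added example (illustrative code written for this page, not GitGuardian's implementation) that matches a project's resolved dependencies against OSV-shaped advisory records and raises an incident per hit. Malicious entries, identified by the `MAL-` id prefix that OSV uses for malicious packages, get the fixed Malicious severity and rank 10 described above, while an ordinary CVE-style entry gets a severity derived from its CVSS score. The advisory ids, package names, versions, lockfile and `cvss_score`/`epss_score` keys are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed, OSV-shaped advisory records. Ids, names and versions are made up
# for this example; real ones come from databases such as OSV (https://osv.dev),
# where malicious-package entries carry a "MAL-" prefixed id.
ADVISORIES = [
    {
        "id": "MAL-0000-EXAMPLE-1",
        "summary": "Typosquat of a popular HTTP client; install hook contacts an external host",
        "affected": [
            {"package": {"ecosystem": "PyPI", "name": "requestz"},
             "versions": ["0.1.0", "0.1.1"]},
        ],
    },
    {
        "id": "MAL-0000-EXAMPLE-2",
        "summary": "Package published only to carry malicious code; every version is affected",
        # No "versions" key: the whole package is treated as malicious.
        "affected": [{"package": {"ecosystem": "PyPI", "name": "colourama-fake"}}],
    },
    {
        "id": "CVE-0000-EXAMPLE",
        "summary": "Ordinary vulnerability in a legitimate library",
        "affected": [
            {"package": {"ecosystem": "PyPI", "name": "examplelib"},
             "versions": ["2.0.0"]},
        ],
        "cvss_score": 7.5,  # constructed key; severity is derived from it below
    },
]

# Constructed lockfile content in `pip freeze` format.
LOCKFILE = """\
requestz==0.1.1
examplelib==2.0.0
Flask==2.3.0
"""

# The page's rule: malicious incidents always rank 10 for both EPSS and CVSS.
FIXED_MALICIOUS_RANK = 10.0


@dataclass
class Incident:
    package: str
    version: str
    advisory_id: str
    severity: str
    cvss: float
    epss: float
    summary: str


def normalize_name(name: str) -> str:
    """PEP 503 normalisation so 'Flask', 'flask' and 'FLASK' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lockfile(text: str) -> dict[str, str]:
    """Parse 'name==version' lines; comments, blank lines and other specifiers are skipped."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        deps[normalize_name(name)] = version.strip()
    return deps


def severity_from_cvss(score: float) -> str:
    """CVSS v3 qualitative rating scale."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"


def is_affected(entry: dict, ecosystem: str, name: str, version: str) -> bool:
    """True when an OSV 'affected' entry covers this package; no version list means all versions."""
    pkg = entry.get("package", {})
    if pkg.get("ecosystem") != ecosystem or normalize_name(pkg.get("name", "")) != name:
        return False
    versions = entry.get("versions")
    return versions is None or version in versions


def scan(deps: dict[str, str], advisories: list, ecosystem: str = "PyPI") -> list[Incident]:
    """Create one incident per (dependency, advisory) match, malicious ones ranked first."""
    incidents = []
    for adv in advisories:
        malicious = adv["id"].startswith("MAL-")
        for entry in adv.get("affected", []):
            for name, version in deps.items():
                if not is_affected(entry, ecosystem, name, version):
                    continue
                if malicious:
                    severity, cvss, epss = "Malicious", FIXED_MALICIOUS_RANK, FIXED_MALICIOUS_RANK
                else:
                    cvss = float(adv.get("cvss_score", 0.0))
                    severity, epss = severity_from_cvss(cvss), float(adv.get("epss_score", 0.0))
                incidents.append(Incident(name, version, adv["id"], severity, cvss, epss,
                                          adv.get("summary", "")))
    # Malicious incidents first, then by descending CVSS, mirroring the Sources view ordering.
    incidents.sort(key=lambda i: (i.severity != "Malicious", -i.cvss, i.package))
    return incidents


if __name__ == "__main__":
    for inc in scan(parse_lockfile(LOCKFILE), ADVISORIES):
        print(f"[{inc.severity}] {inc.package}=={inc.version} {inc.advisory_id} "
              f"cvss={inc.cvss} epss={inc.epss}: {inc.summary}")
```

The two branches in `scan` are the point: a CVE-style record keeps whatever score the database assigned, whereas a malicious record is never scored on exploit likelihood at all, because a package built to do harm is assumed to be exploited the moment it is installed.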

[Screenshot: Malicious Packages Incident]

As with traditional CVEs, the Sources view highlights dependencies that have malicious incidents and places them at the top of the list.

[Screenshot: Malicious Packages Incident]

The Analytics view also reports the same metrics for such incidents.

[Screenshot: Malicious Packages Incident]