GuardDog package dependency violates best practices
Goal
This rule detects GuardDog findings that indicate package dependencies violating open source best practices.
Strategy
This rule monitors GuardDog scan logs for findings associated with the following behaviors:
- Executing shell commands.
- Executing code downloaded at runtime from a remote server.
- Silently spawning background processes.
- Typosquatting the name of a prominent open source package.
- Using a package maintainer email address that is unregistered and therefore open to takeover by a malicious actor.
- Using a disposable package maintainer email address, which can indicate suspicious maintenance practices.
While these behaviors are not necessarily malicious on their own, they are commonly associated with tactics, techniques, and procedures (TTPs) observed in malicious open source packages. Dependencies that exhibit these behaviors, even for legitimate purposes, violate recommended best practices for safe open source usage and warrant additional scrutiny.
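To make the strategy concrete, the following is an added Python example (not Datadog's rule logic and not GuardDog's own code) that reads one GuardDog JSON scan result, keeps only the findings that map onto the behaviors listed above, and produces a triage summary. The JSON shape (a `results` object keyed by rule name, optionally nested under `result` with a `dependency` field) and the GuardDog rule identifiers in `BEST_PRACTICE_RULES` are assumptions made for the example; the sample scan output is constructed.

```python
"""Map GuardDog scan findings onto the best-practice behaviors this rule alerts on.

Added example; assumptions: the scan JSON carries a "results" object keyed by
rule name (either top-level or under "result" with a "dependency" field), and
each rule maps to a list of findings with "location" and "message" fields.
"""
import json
from collections import Counter

# Assumed GuardDog rule identifiers -> behavior category from the rule description.
# The identifiers are assumptions for this example, not taken from the page.
BEST_PRACTICE_RULES = {
    "code-execution": "Executing shell commands",
    "download-executable": "Executing code downloaded at runtime",
    "silent-process-execution": "Silently spawning background processes",
    "typosquatting": "Typosquatting a prominent package name",
    "potentially_compromised_email_domain": "Unregistered maintainer email address",
    "disposable-email": "Disposable maintainer email address",  # assumed identifier
}

# Constructed sample scan output; the package name and locations are made up.
SAMPLE_SCAN = json.dumps({
    "dependency": "example-pkg",
    "version": "1.0.0",
    "result": {
        "issues": 4,
        "errors": {},
        "results": {
            "code-execution": [
                {"location": "setup.py:12", "message": "OS command executed in setup.py"}
            ],
            "silent-process-execution": [
                {"location": "example_pkg/__init__.py:40", "message": "process spawned with output suppressed"}
            ],
            "shady-links": [
                {"location": "example_pkg/net.py:5", "message": "suspicious URL"}
            ],
            "typosquatting": [
                {"location": "package metadata", "message": "name is close to a popular package"}
            ],
        },
        "path": "/tmp/example-pkg",
    },
})


def triage(scan_output):
    """Split a scan result into in-scope findings (behaviors above) and other findings.

    Returns (matched, other); each entry records dependency, rule, location, message,
    and, for matched entries, the behavior category the rule maps to.
    """
    doc = json.loads(scan_output)
    body = doc.get("result", doc)  # verify-style output nests under "result"
    dependency = doc.get("dependency", body.get("path", "<unknown>"))
    matched, other = [], []
    for rule, hits in body.get("results", {}).items():
        for hit in hits:
            record = {
                "dependency": dependency,
                "rule": rule,
                "location": hit.get("location"),
                "message": hit.get("message"),
            }
            if rule in BEST_PRACTICE_RULES:
                record["behavior"] = BEST_PRACTICE_RULES[rule]
                matched.append(record)
            else:
                other.append(record)  # out of scope for this rule, still worth a look
    return matched, other


def summarize(matched):
    """Build the triage verdict: alert when any in-scope behavior was observed."""
    counts = Counter(f["behavior"] for f in matched)
    return {"alert": bool(matched), "findings": len(matched), "behaviors": dict(counts)}


if __name__ == "__main__":
    in_scope, out_of_scope = triage(SAMPLE_SCAN)
    print(json.dumps(summarize(in_scope), indent=2))
    for f in in_scope:
        print(f"[{f['behavior']}] {f['dependency']} {f['location']}: {f['message']}")
    for f in out_of_scope:
        print(f"[other: {f['rule']}] {f['dependency']} {f['location']}: {f['message']}")
```

The `other` list matters in practice: a finding from a rule outside the mapping (the constructed `shady-links` hit here) does not trigger this rule's alert, but it is still visible to the reviewer performing the source-code inspection described in the triage steps, rather than silently dropped.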
Triage and response
- Review the GuardDog finding in the scan logs and inspect the relevant sections of the affected dependency’s source code or metadata.
- If the dependency is found to be malicious:
  - Immediately remove all instances from your system.
  - Rotate any affected credentials and perform an assessment of potential spread.
  - Consider reporting the malicious dependency to the package registry where it is hosted.