Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / ossf/package-analysis issues and pull requests

#717 - use combined sandbox in worker

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago - 1 comment

#716 - Bump github/codeql-action from 2.3.1 to 2.3.2

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#715 - Bump github/codeql-action from 2.3.0 to 2.3.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#714 - Enable combined dynamic analysis sandbox in worker

Issue - State: closed - Opened by maxfisher-g over 1 year ago
Labels: dynamic analysis

#713 - Bump github/codeql-action from 2.2.11 to 2.3.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#712 - analyse-tarballs.sh: add globbing of *.tar.gz files

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#711 - Bump cloud.google.com/go/bigquery from 1.50.0 to 1.51.0 in /function/loader

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, go

#710 - Bump github/codeql-action from 2.2.11 to 2.2.12

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#709 - Bump actions/checkout from 3.5.0 to 3.5.2

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#708 - Bump actions/checkout from 3.5.0 to 3.5.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#707 - Bump github/codeql-action from 2.2.10 to 2.2.11

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#706 - Bump github/codeql-action from 2.2.9 to 2.2.10

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#705 - Is the *.tgz in line 80 of the analyze-tarballs.sh file wrong?

Issue - State: closed - Opened by coffeehb over 1 year ago - 1 comment

#704 - Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 in /function/loader

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#703 - Create BigQuery schema and ingest static analysis results

Issue - State: closed - Opened by maxfisher-g over 1 year ago
Labels: static analysis

#702 - Bump ossf/scorecard-action from 2.1.2 to 2.1.3

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#700 - Bump github/codeql-action from 2.2.8 to 2.2.9

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#699 - Bump actions/checkout from 3.4.0 to 3.5.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#698 - Bump github/codeql-action from 2.2.7 to 2.2.8

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#697 - Bump actions/dependency-review-action from 3.0.3 to 3.0.4

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#696 - Reorder BigQuery schema.json

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#695 - DNS requests appear to be missing or incomplete.

Issue - State: open - Opened by maxfisher-g over 1 year ago - 3 comments

#694 - Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0 in /function/loader

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#693 - Bump actions/checkout from 3.3.0 to 3.4.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#692 - Bump actions/setup-go from 3.5.0 to 4.0.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#691 - Bump github/codeql-action from 2.2.6 to 2.2.7

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#690 - Simplify the passing of sandbox options around and reduce modality.

Pull Request - State: closed - Opened by calebbrown over 1 year ago - 2 comments

#689 - Sandbox failed (error starting container: exit status 125)

Issue - State: closed - Opened by rodion-gudz over 1 year ago - 9 comments

#688 - add go.work file for multi module support

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago - 1 comment

#687 - Improve analyse-tarballs.sh script

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#686 - Copy local archives into sandbox rather than mounting

Issue - State: open - Opened by maxfisher-g over 1 year ago
Labels: enhancement, good first issue

#685 - Bump github/codeql-action from 2.2.5 to 2.2.6

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#684 - fix incorrect error handling in analysis binary

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#683 - Add "tar.gz" for local PyPi package scanning supports

Issue - State: closed - Opened by coffeehb over 1 year ago - 6 comments
Labels: bug

#682 - Remove suspicious files field from obfuscation results

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#681 - feat: add urls (http+https) to json report

Pull Request - State: open - Opened by Alik-Kold over 1 year ago - 1 comment

#679 - Sandbox failed (error starting container: exit status 125)

Issue - State: closed - Opened by coffeehb over 1 year ago - 5 comments

#678 - Bump gocloud.dev from 0.28.0 to 0.29.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 4 comments
Labels: dependencies, go

#677 - Bump gocloud.dev/pubsub/kafkapubsub from 0.28.0 to 0.29.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 3 comments
Labels: dependencies, go

#676 - Update hashing implementation to reduce memory consumption

Pull Request - State: closed - Opened by calebbrown over 1 year ago

#675 - Remove retry logic as docker-compose and k8s handles it.

Pull Request - State: closed - Opened by calebbrown over 1 year ago

#674 - Use *zap.Logger in the scheduler, rather than the global log

Pull Request - State: closed - Opened by calebbrown over 1 year ago

#673 - Bump cloud.google.com/go/bigquery from 1.47.0 to 1.48.0 in /function/loader

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#672 - Allow running code as part of dynamic analysis

Issue - State: open - Opened by kushaldas over 1 year ago - 4 comments
Labels: dynamic analysis, needs discussion

#670 - Enable static analysis in worker

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#669 - Run static analysis locally by default

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#667 - rename "basic_data" to "basic" in static analysis results JSON

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#665 - Bump github/codeql-action from 2.2.4 to 2.2.5

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#664 - Add URL and IP address detection to static analysis

Issue - State: closed - Opened by maxfisher-g over 1 year ago
Labels: enhancement, static analysis

#663 - Make approach to defining enums consistent across the project

Issue - State: open - Opened by calebbrown over 1 year ago - 6 comments
Labels: go, needs discussion, internal cleanup

#662 - remove duplicated default text for combined sandbox option

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#661 - replace println with fmt.Println

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#660 - Bump cloud.google.com/go/bigquery from 1.46.0 to 1.47.0 in /function/loader

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#659 - increase cloudbuild timeout to 40 minutes

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#657 - run make directly in cloudbuild

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#656 - make combined sandbox opt-out rather than opt-in for local analysis

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago - 2 comments

#655 - update README.md in infra/ to use Makefile for build instructions

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#654 - Rename packages to improve readability.

Pull Request - State: closed - Opened by calebbrown over 1 year ago - 11 comments

#653 - Loader net update

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#652 - use Go 1.19 in loader

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#651 - Refactor pkg/

Issue - State: closed - Opened by calebbrown over 1 year ago - 9 comments
Labels: needs discussion, internal cleanup

#650 - Enable lint checking and fix a bunch of linter errors

Pull Request - State: closed - Opened by calebbrown over 1 year ago - 1 comment

#649 - bump golang.org/x/net from 0.4.0 to 0.7.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#648 - Consider adding process identifiers (PID, TID, process name) to dynamic analysis outputs

Issue - State: open - Opened by maxfisher-g over 1 year ago
Labels: enhancement, dynamic analysis

#647 - Bring Makefile naming in line with criticality score

Issue - State: closed - Opened by maxfisher-g over 1 year ago - 4 comments
Labels: low priority

#646 - shorten Makefile recipes

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#645 - Enable pprof for debugging inside docker-compose.

Pull Request - State: closed - Opened by calebbrown over 1 year ago

#644 - remove extraneous log.Label usages

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#643 - Make docker-compose more reliable.

Pull Request - State: closed - Opened by calebbrown over 1 year ago

#642 - fix name shadowing in dynamicanalysis/analysis.go

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#641 - replace manual path joining with filepath.Join()

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#640 - Run `file` command in batch mode

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#639 - Run `file` on package files in batch mode

Issue - State: closed - Opened by maxfisher-g over 1 year ago
Labels: enhancement, static analysis

#636 - Implement combined dynamic analysis sandbox

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago

#634 - Dynamic analysis: PHP version in sandbox is too old for some latest package versions

Issue - State: closed - Opened by maxfisher-g over 1 year ago
Labels: dynamic analysis

#629 - Add function to parse analysis complete notification JSON

Pull Request - State: open - Opened by adaluong over 1 year ago - 3 comments

#615 - very rudimentary rules for obfuscation detection

Pull Request - State: closed - Opened by maxfisher-g over 1 year ago - 1 comment

#611 - Remove extraneous usages of `log.Label`

Issue - State: closed - Opened by maxfisher-g over 1 year ago

#591 - Get static analysis results into cloud storage

Issue - State: closed - Opened by maxfisher-g over 1 year ago - 2 comments
Labels: static analysis

#590 - Consolidate dynamic analysis sandbox images

Issue - State: closed - Opened by maxfisher-g over 1 year ago
Labels: dynamic analysis, infrastructure

#587 - add polyfill and attack tools to sandbox container

Issue - State: closed - Opened by Alik-Kold over 1 year ago - 4 comments
Labels: enhancement, dynamic analysis

#581 - Save write buffer in separate files and create file identifiers

Pull Request - State: closed - Opened by elainechien over 1 year ago - 3 comments

#552 - Save raw pcap data

Issue - State: open - Opened by maxfisher-g almost 2 years ago - 1 comment
Labels: dynamic analysis

#532 - Warnings during deployment

Issue - State: closed - Opened by maxfisher-g almost 2 years ago - 1 comment
Labels: bug, infrastructure

#519 - Add more identifiers that are declared outside scope to parser output

Issue - State: open - Opened by maxfisher-g almost 2 years ago
Labels: enhancement, static analysis

#516 - Add SECURITY INSIGHTS

Pull Request - State: closed - Opened by luigigubello almost 2 years ago - 2 comments

#461 - Migrate from JSON to Protobuf as a serialisation format

Issue - State: closed - Opened by maxfisher-g almost 2 years ago - 1 comment
Labels: enhancement, low priority

#434 - Run (dynamic) analysis as part of CI/CD

Issue - State: closed - Opened by maxfisher-g almost 2 years ago - 1 comment

#433 - Refactoring for static analysis

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago - 1 comment

#397 - Save schema version with results.json data

Issue - State: closed - Opened by maxfisher-g almost 2 years ago - 2 comments

#394 - Run analysis image as non-root user

Issue - State: open - Opened by maxfisher-g almost 2 years ago - 1 comment
Labels: enhancement, low priority

#357 - Make it impossible to mess up the schema.json

Issue - State: closed - Opened by calebbrown about 2 years ago - 2 comments
Labels: bug

#280 - how to automate analyze result ?

Issue - State: closed - Opened by ultramaxim over 2 years ago - 3 comments
Labels: question, needs discussion

#242 - Loader is failing with JSON issues.

Issue - State: closed - Opened by calebbrown over 2 years ago - 6 comments
Labels: bug, good first issue