ossf/package-analysis issues and pull requests

#658 - Makefile: split buildah command out of build recipe, fix a typo and formatting

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#657 - run make directly in cloudbuild

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#656 - make combined sandbox opt-out rather than opt-in for local analysis

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago - 2 comments

#655 - update README.md in infra/ to use Makefile for build instructions

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#654 - Rename packages to improve readability.

Pull Request - State: closed - Opened by calebbrown almost 2 years ago - 11 comments

#653 - Loader net update

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#652 - use Go 1.19 in loader

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#651 - Refactor pkg/

Issue - State: closed - Opened by calebbrown almost 2 years ago - 9 comments
Labels: needs discussion, internal cleanup

#650 - Enable lint checking and fix a bunch of linter errors

Pull Request - State: closed - Opened by calebbrown almost 2 years ago - 1 comment

#649 - bump golang.org/x/net from 0.4.0 to 0.7.0

Pull Request - State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies, go

#648 - Consider adding process identifiers (PID, TID, process name) to dynamic analysis outputs

Issue - State: open - Opened by maxfisher-g almost 2 years ago
Labels: enhancement, dynamic analysis

#647 - Bring Makefile naming in line with criticality score

Issue - State: closed - Opened by maxfisher-g almost 2 years ago - 4 comments
Labels: low priority

#646 - shorten Makefile recipes

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#645 - Enable pprof for debugging inside docker-compose.

Pull Request - State: closed - Opened by calebbrown almost 2 years ago

#644 - remove extraneous log.Label usages

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#643 - Make docker-compose more reliable.

Pull Request - State: closed - Opened by calebbrown almost 2 years ago

#642 - fix name shadowing in dynamicanalysis/analysis.go

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#641 - replace manual path joining with filepath.Join()

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#640 - Run `file` command in batch mode

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#639 - Run `file` on package files in batch mode

Issue - State: closed - Opened by maxfisher-g almost 2 years ago
Labels: enhancement, static analysis

#636 - Implement combined dynamic analysis sandbox

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago

#634 - Dynamic analysis: PHP version in sandbox is too old for some latest package versions

Issue - State: closed - Opened by maxfisher-g almost 2 years ago
Labels: dynamic analysis

#629 - Add function to parse analysis complete notification JSON

Pull Request - State: open - Opened by adaluong almost 2 years ago - 3 comments

#615 - very rudimentary rules for obfuscation detection

Pull Request - State: closed - Opened by maxfisher-g almost 2 years ago - 1 comment

#611 - Remove extraneous usages of `log.Label`

Issue - State: closed - Opened by maxfisher-g almost 2 years ago

#591 - Get static analysis results into cloud storage

Issue - State: closed - Opened by maxfisher-g almost 2 years ago - 2 comments
Labels: static analysis

#590 - Consolidate dynamic analysis sandbox images

Issue - State: closed - Opened by maxfisher-g almost 2 years ago
Labels: dynamic analysis, infrastructure

#587 - add polyfill and attack tools to sandbox container

Issue - State: closed - Opened by Alik-Kold about 2 years ago - 4 comments
Labels: enhancement, dynamic analysis

#581 - Save write buffer in separate files and create file identifiers

Pull Request - State: closed - Opened by elainechien about 2 years ago - 3 comments

#552 - Save raw pcap data

Issue - State: open - Opened by maxfisher-g about 2 years ago - 1 comment
Labels: dynamic analysis

#532 - Warnings during deployment

Issue - State: closed - Opened by maxfisher-g about 2 years ago - 1 comment
Labels: bug, infrastructure

#519 - Add more identifiers that are declared outside scope to parser output

Issue - State: open - Opened by maxfisher-g about 2 years ago
Labels: enhancement, static analysis

#516 - Add SECURITY INSIGHTS

Pull Request - State: closed - Opened by luigigubello about 2 years ago - 2 comments

#505 - Move the scheduler's PubSub messages from metadata to body

Issue - State: open - Opened by adaluong about 2 years ago - 1 comment

#461 - Migrate from JSON to Protobuf as a serialisation format

Issue - State: closed - Opened by maxfisher-g about 2 years ago - 1 comment
Labels: enhancement, low priority

#434 - Run (dynamic) analysis as part of CI/CD

Issue - State: closed - Opened by maxfisher-g about 2 years ago - 1 comment

#433 - Refactoring for static analysis

Pull Request - State: closed - Opened by maxfisher-g about 2 years ago - 1 comment

#397 - Save schema version with results.json data

Issue - State: closed - Opened by maxfisher-g over 2 years ago - 2 comments

#394 - Run analysis image as non-root user

Issue - State: open - Opened by maxfisher-g over 2 years ago - 1 comment
Labels: enhancement, low priority

#357 - Make it impossible to mess up the schema.json

Issue - State: closed - Opened by calebbrown over 2 years ago - 2 comments
Labels: bug

#280 - how to automate analyze result ?

Issue - State: closed - Opened by ultramaxim over 2 years ago - 3 comments
Labels: question, needs discussion

#242 - Loader is failing with JSON issues.

Issue - State: closed - Opened by calebbrown almost 3 years ago - 6 comments
Labels: bug, good first issue

#227 - Save analyzed packages

Issue - State: closed - Opened by oliverchang almost 3 years ago - 1 comment
Labels: enhancement, good first issue

#185 - Apply the logging labels "ecosystem", "package" and "version" across all logging during an analysis run.

Issue - State: closed - Opened by calebbrown about 3 years ago - 4 comments
Labels: internal cleanup

#185 - Apply the logging labels "ecosystem", "package" and "version" across all logging during an analysis run.

Issue - State: open - Opened by calebbrown about 3 years ago - 2 comments
Labels: internal cleanup

#147 - Generate diffs between versions, or between published package and source repo

Issue - State: closed - Opened by oliverchang about 3 years ago - 3 comments
Labels: enhancement, needs discussion

#3 - Creating Infrastructure using Pulumi

Pull Request - State: closed - Opened by naveensrinivasan almost 4 years ago - 2 comments

GitHub / ossf/package-analysis issues and pull requests