add support ignore file oss #859

Open
wants to merge 10 commits into
base: main

cx-itay-paz
Collaborator

No description provided.

github-actions bot commented Jul 10, 2025

Checkmarx One – Scan Summary & Details 9ef9bf0a-6688-4ebe-9f95-3c0cf3337645

New Issues (8)

Checkmarx found the following issues in this Pull Request

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| CRITICAL | Cx6057d4e5-4760 | Npm-coa-3.1.3 | Description: This package was manually inspected by a security researcher and flagged as malicious ### About Classifying malicious packages is an internal proc...; ID: pgiyzn7arKvKK2h0bXzJw4rGsblWY1GLnoi1b8qiK2g%3D; Vulnerable Package |
| CRITICAL | Cx657a3ff1-7b92 | Npm-coa-3.1.3 | Description: This package downloads a harmful file. File hash: `7f986cd3c946f274cdec73f80b84855a77bc2a3c765d68897fbc42835629a5d5` ### About Using a dynamic...; ID: jB%2B7S99v%2FtziNvPXfDBjWafF%2BHnJ3AtGXe6ZGtcFZOU%3D; Vulnerable Package |
| CRITICAL | Cxa079aba6-fc3c | Npm-coa-3.1.3 | Description: This package exfiltrates stored credentials and sensitive information ### About Data exfiltration may be done in numerous ways such as through HTT...; ID: Ccbduku5vWEf4M95XTdKOzvXf5YDXpEfHvpdckjKBQM%3D; Vulnerable Package |
| CRITICAL | Cxb34b508c-969f | Npm-coa-3.1.3 | Description: This package exfiltrates computer and operating system information ### About Data exfiltration may be done in numerous ways such as through HTTP r...; ID: MYVh1otCKvLLYLjxEJIHgeE5xZdWsGoOYLCP7fCw990%3D; Vulnerable Package |
| CRITICAL | Cxb5dfb167-23a8 | Npm-coa-3.1.3 | Description: The npm package coa had versions published with malicious code. Users of affected versions (2.0.3 and above) should downgrade to 2.0.2 as soon as p...; Attack Vector: NETWORK; Attack Complexity: LOW; ID: NsXzRHYxs2GisPd3p70l3m%2FGUNxiUNOvIZIomNu6qIA%3D; Vulnerable Package |
| CRITICAL | Cxbd621f75-d5df | Npm-coa-3.1.3 | Description: This package downloads a harmful file. File hash: `ea131cc5ccf6aa6544d6cb29cdb78130feed061d2097c6903215be1499464c2e` ### About Using a dynamic...; ID: YMR6C2n6x9SwtqYvsGvaqRv3rhk1FIz0L4Iv9qGCSaY%3D; Vulnerable Package |
| CRITICAL | Cxc2338b3a-b052 | Npm-coa-3.1.3 | Description: This package downloads a harmful file. File hash: `2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd` ### About Using a dynamic...; ID: bQ1jhHudLVKlPiT12%2FbfHrSJ5DIzncWXz0G949H0%2FZw%3D; Vulnerable Package |
| CRITICAL | Cxc56b90ed-4804 | Npm-coa-3.1.3 | Description: This package executes a crypto mining software ### About Using a dynamic analysis environment (also known as a Sandbox) we can monitor filesystem ...; ID: 6B2AKtHQBmqRsAsX2YDkGl4fXl2Lm7Gh0GhuZRxPtxE%3D; Vulnerable Package |


2 participants