chainguard-dev/malcontent

Issues

• Measure if "threat_hunting" ruleset is worth the CPU cost

  #451 opened 3 months ago by tstromberg
  3

• Scanning `-compat` packages breaks scanning

  #536 opened 4 months ago by egibs
  2

• false positive: teleport marked CRITICAL due to multiple high risk behaviors

  #320 opened 4 months ago by tstromberg
  2

• Reorganize rules based on MBC (Malware Behavior Catalog)

  #452 opened 4 months ago by tstromberg
  2

• Add detection for kubo/injector

  #325 opened 4 months ago by tstromberg
  0

• Add `make reformat-rules` target

  #542 opened 4 months ago by tstromberg
  0

• Add platform-specific tag to rules

  #506 opened 5 months ago by r0binak
  2

• Add detection for Medusa preload

  #324 opened 4 months ago by tstromberg
  0

• VirusTotal YARA-CI - false negatives found

  #460 opened 5 months ago by tstromberg
  0

• --min-risk=high breaks overrides

  #522 opened 4 months ago by tstromberg
  2

• Add risk values to simple output

  #512 opened 4 months ago by tstromberg
  1

• diff: add --risk-change and --risk-increase flags

  #500 opened 5 months ago by tstromberg
  0

• analyze no longer streams output as results are generated

  #489 opened 5 months ago by tstromberg
  0

• action: refactor recursiveScan

  #497 opened 5 months ago by tstromberg
  0

• `make test` no longer runs sample tests

  #505 opened 5 months ago by tstromberg
  2

• `make refresh-sample-testdata` does not refresh non-diff files on macOS

  #503 opened 5 months ago by egibs
  1

• Add "filetypes" metadata to rules

  #454 opened 5 months ago by tstromberg
  3

• Add MITRE ATT&CK metadata to rules

  #453 opened 5 months ago by tstromberg
  1

• processes test: fail if anything raises "HIGH" or "CRITICAL"

  #498 opened 5 months ago by tstromberg
  0

• Rule overrides can fail if the override is iterated over before the original

  #486 opened 5 months ago by egibs
  0

• Provide override rules that lower the priority of matches

  #471 opened 5 months ago by tstromberg
  7

• scan quietly quits if a critical finding is found and multiple folders are provided

  #478 opened 5 months ago by tstromberg
  3

• action.errIfHitOrMiss: panic: runtime error: invalid memory address or nil pointer dereference

  #458 opened 5 months ago by tstromberg
  1

• analyze subcommand misses files (recursion bug? parallelism bug?)

  #449 opened 5 months ago by tstromberg
  5

• false positive: 3P/elceef/html/smuggling in superset

  #318 opened 5 months ago by tstromberg
  1

• Ideate on selectively compiling rules based on the scanned paths

  #382 opened 7 months ago by egibs
  1

• Cache bincapz-samples checkout

  #445 opened 6 months ago by tstromberg
  0

• Refactor bincapz around scan/analyze/diff subcommands

  #440 opened 6 months ago by tstromberg
  3

• Support bincapz configuration via environment variable or file

  #447 opened 6 months ago by egibs
  0

• Replace OCI test image with crane extraction

  #428 opened 6 months ago by egibs
  0

• Integrate JP-CERT YARA rules

  #442 opened 6 months ago by tstromberg
  1

• Better handling of questionable false-positives

  #414 opened 6 months ago by egibs
  0

• Infrequent nil pointer dereferences

  #434 opened 6 months ago by egibs
  1

• Investigate diff performance

  #426 opened 6 months ago by egibs
  2

• Scanning Keycloak takes a long time

  #371 opened 6 months ago by egibs
  7

• Concurrency results in non-deterministic number of scanned paths

  #423 opened 6 months ago by egibs
  0

• Address false negatives

  #334 opened 6 months ago by tstromberg
  0

• `go-yara` 4.3.3 breaks warning ID construction

  #384 opened 7 months ago by egibs
  2

• Allow for paths to be excluded from scanning.

  #381 opened 7 months ago by egibs
  0

• Improved filtering of rules by tags

  #366 opened 7 months ago by r0binak
  0

• Remove unused `--omit-empty` flag

  #348 opened 8 months ago by tstromberg
  1

• TestSimple: Empty .simple testdata files don't work properly

  #349 opened 8 months ago by tstromberg
  0

• probable false: security_controls/linux/ufw in gdb

  #336 opened 8 months ago by tstromberg
  0

• probable false: evasion/decrypt/eval in mlflow-2.14 - fontTools/misc/psLib.py

  #313 opened 8 months ago by tstromberg
  3

• probable false: 3P/gcti/sliver/implant/32bit in tailscaled

  #335 opened 8 months ago by tstromberg
  2

• Add detection for kSpreader artifacts

  #327 opened 8 months ago by tstromberg
  0

• bincapz detects bincapz binaries as malware (--ignore-self doesn't work)

  #317 opened 8 months ago by tstromberg
  0

• probable false: ransomware/conti in minio

  #312 opened 8 months ago by tstromberg
  0

• probable false: combo/backdoor/php in neovim

  #314 opened 8 months ago by tstromberg
  0

• false positive: docker as CRITICAL due to multiple HIGH risk items

  #319 opened 8 months ago by tstromberg
  0