This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Malware detection

Understand how malware is detected, classified, and scored in Endor Labs.

This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Understand how malware is detected, classified, and scored in Endor Labs.

Endor Labs detects malware in dependencies by scanning the packages used in the project and recognizing known malicious patterns.

Monitoring for known malicious packages: Scan dependencies to identify malware by cross-referencing findings with the Open Source Vulnerability (OSV) database and data from the proprietary malware feed.

Suspicious code behavior: Use malware detection rules and Semgrep-based rules to scan open source packages dependencies for suspicious code patterns and behaviors. These rules analyze code structures, detect anomalies, and identify potential threats.

Endor Labs provides a set of malware policies designed to identify, and manage malicious or suspicious code in your project, ensuring potential security risks are detected early.

  1. Enable malware finding policy to detect malicious code and findings in your project. You can edit the policy to change the severity and template parameters.

  2. Configure malware action policy to specify how detected malware findings should be handled automatically, including notifications, blocking actions, and workflow triggers.

  3. Configure malware exception policy to exclude malware findings under defined conditions. This filters out false positives and keeps the focus on critical risks.

You can view the malware findings, prioritize them, and take corrective action.

  1. Sign in to Endor Labs and select Projects from the left sidebar.
  2. Select the project for which you want to view the malware.
  3. Select Malware under Code Dependencies to view malware findings.

Malware Findings

  1. Select a finding to view detailed information of the malware in the right sidebar.

    The right sidebar contains the following information:

  • Project: The name of the project where the malware is found, finding policy, categories and attributes of the project.
  • Risk Details:
    • Explanation of the finding.
    • Reasoning tells why the package is classified as malware.
    • Recommended remediation.
  • Metadata: Contains details such as the vulnerability IDs, ecosystem, package release date, and advisory publication date.

Malware Findings Side Panel

  1. Click View Details, then select Dependency Path to view the dependency path.

Malware Findings view details page