Malware policies

Learn about the finding policy templates for malware.

Endor Labs provides the following security policies to identify malware in software dependencies. See Finding Policies for details on how to enable, disable, or edit malware policies.

Policy: Malware
Severity: Critical
Description: Malicious software in dependencies poses significant security risks to your applications and infrastructure. This policy raises findings for packages that contain known malware or that exhibit suspicious code patterns indicating malicious intent.

You can enable or disable this policy; the system generates malware findings differently depending on that choice.

  • Malware finding policy disabled: Malware findings are produced through the Vulnerabilities policy and are limited to information sourced from the OSV database.
  • Malware finding policy enabled: Malware findings are generated through the dedicated malware policy, which draws on a broader malware database that extends beyond OSV. Findings produced this way can include explanatory context supported by additional data sources.