chainguard-dev / malcontent

#supply #chain #attack #detection
Apache License 2.0

rule tuning: make severities more appropriate #510

Closed tstromberg closed 1 month ago

tstromberg commented 1 month ago

Risk tuning, mostly relating to "HIGH" findings in Wolfi.

Add/fix testdata missing for clean Linux files.

tstromberg commented 1 month ago

Would you mind looking at wolfi-dev/os#30457?

gitaly looks interesting.

Would it make sense to tune the linux_multi_persist rule to high or just add a quick override rule for that binary?

For now, I think the rule should hit rare enough that we should do overrides; assuming the binary we are looking at isn't doing anything bad.

egibs commented 1 month ago

> gitaly looks interesting.

Indeed. AFAIK none of the previous releases triggered that rule.

Update -- investigation is here: https://github.com/wolfi-dev/os/pull/30457#issuecomment-2407363818

I'll open a PR for an override rule.