Issue Types
Detected issue types
Sandworm issue ids
Sandworm assigns unique ids to license
and meta
type issues, via the sandwormIssueId
issue property. Sandworm doesn't assign ids to vulnerabilities, as they already have a unique GitHub Advisory id, under github_advisory_id
. All Sandworm-detected issues are also assigned a code - sandwormIssueCode
- and an optional specifier - sandwormIssueSpecifier
.
Sandworm currently assigns license issues 1XX
codes and meta issues 2xx
codes.
For most issues, the Sandworm id is a combination of issue code + package name + package version:
Some issue types might trigger more than once for a single package version, so they also append a specifier to the id:
SWRM-201
install scripts issue is created once for each install script used - preinstall or postinstall - and generates ids likeSWRM-201-core-js-3.29.0-postinstall
SWRM-203
,SWRM-204
, andSWRM-205
are created once for each http/GIT/file dependency in a manifest, and generate ids likeSWRM-203-core-js-3.29.0-react
Last updated