Issue Types

Detected issue types

Sandworm issue ids

Sandworm assigns unique ids to license and meta type issues, via the sandwormIssueId issue property. Sandworm doesn't assign ids to vulnerabilities, as they already have a unique GitHub Advisory id, under github_advisory_id. All Sandworm-detected issues are also assigned a code - sandwormIssueCode - and an optional specifier - sandwormIssueSpecifier.

Sandworm currently assigns license issues 1xx codes and meta issues 2xx codes.

For most issues, the Sandworm id is a combination of issue code + package name + package version:

SWRM-102-spdx-license-ids-3.0.12

Some issue types might trigger more than once for a single package version, so they also append a specifier to the id:

  • SWRM-201 install scripts issue is created once for each install script used - preinstall or postinstall - and generates ids like SWRM-201-core-js-3.29.0-postinstall

  • SWRM-203, SWRM-204, and SWRM-205 are created once for each http/GIT/file dependency in a manifest, and generate ids like SWRM-203-core-js-3.29.0-react
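As an added example (not part of the Sandworm project or this page), the parser below splits ids of the form described above back into code, package, version and specifier, and classifies them by the 1xx/2xx code range. It assumes the components are joined by single hyphens and that versions are plain x.y.z, which holds for the sample ids on this page; the `GHSA-...` entry is a placeholder standing in for a GitHub Advisory id, included only to show that non-Sandworm ids are rejected.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample ids in the format described above (assumption: components are
# joined by single hyphens and the version is plain x.y.z semver).
SAMPLE_IDS = [
    "SWRM-102-spdx-license-ids-3.0.12",
    "SWRM-201-core-js-3.29.0-postinstall",
    "SWRM-203-core-js-3.29.0-react",
    "GHSA-xxxx-xxxx-xxxx",  # placeholder advisory id: not a Sandworm id, must not parse
]

# Package names may themselves contain hyphens, so the name is matched lazily and
# the version anchors the split; anything after the version is the specifier.
_ID_RE = re.compile(
    r"^SWRM-(?P<code>\d{3})-"
    r"(?P<name>.+?)-"
    r"(?P<version>\d+\.\d+\.\d+)"
    r"(?:-(?P<specifier>.+))?$"
)


@dataclass(frozen=True)
class SandwormIssueId:
    code: str                    # e.g. "201"; 1xx = license issue, 2xx = meta issue
    package: str
    version: str
    specifier: Optional[str] = None

    @property
    def category(self) -> str:
        return {"1": "license", "2": "meta"}.get(self.code[0], "unknown")

    def __str__(self) -> str:
        base = f"SWRM-{self.code}-{self.package}-{self.version}"
        return f"{base}-{self.specifier}" if self.specifier else base


def parse_issue_id(issue_id: str) -> Optional[SandwormIssueId]:
    """Split a Sandworm id into its parts; returns None for anything else."""
    m = _ID_RE.match(issue_id)
    if not m:
        return None
    return SandwormIssueId(m["code"], m["name"], m["version"], m["specifier"])


def parse_all(ids):
    """Parse a list of ids, dropping entries that are not Sandworm ids."""
    return [p for p in map(parse_issue_id, ids) if p is not None]


if __name__ == "__main__":
    for parsed in parse_all(SAMPLE_IDS):
        print(parsed.category, parsed.package, parsed.version, parsed.specifier)
```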
