Skip to content

Enhance malicious-package-report object with OSV credits, purl, and reference-type; bump version #519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
adulau merged 1 commit into from
May 11, 2026
+54 −3
Merged

Enhance malicious-package-report object with OSV credits, purl, and reference-type; bump version #519

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 54 additions & 3 deletions objects/malicious-package-report/definition.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,37 @@
"ui-priority": 8
},
"analysis": {
"description": "Behavioral details explaining why the package is malicious (payload, trigger, campaign, impact).",
"description": "Behavioral details explaining why the package is malicious (payload, trigger, campaign, impact), typically sourced from OSV summary/details and related contextual fields.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 7
},
"credit": {
"description": "Credit entry from OSV credits[].name (person, team, or organization acknowledged for discovery, analysis, or remediation).",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 5
},
"credit-role": {
"description": "Role annotation from OSV credits[].type (e.g. FINDER, ANALYST, COORDINATOR, REMEDIATION_DEVELOPER, REMEDIATION_REVIEWER, REMEDIATION_VERIFIER, TOOL, SPONSOR, OTHER).",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"ANALYST",
"COORDINATOR",
"FINDER",
"OTHER",
"REMEDIATION_DEVELOPER",
"REMEDIATION_REVIEWER",
"REMEDIATION_VERIFIER",
"REPORTER",
"SPONSOR",
"TOOL"
],
"ui-priority": 5
},
"ecosystem": {
"description": "Package ecosystem from OSV package.ecosystem (e.g. npm, PyPI, Maven, Go).",
"disable_correlation": true,
Expand Down Expand Up @@ -61,13 +87,38 @@
"misp-attribute": "text",
"ui-priority": 10
},
"package-purl": {
"description": "Package URL from OSV package.purl (preferred package identifier for correlation across advisories and ecosystems).",
"misp-attribute": "text",
"ui-priority": 10
},
"reference": {
"description": "Reference URL to advisories, source reports, or related analysis.",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 6
},
"reference-type": {
"description": "Reference kind from OSV references[].type (e.g. ADVISORY, ARTICLE, REPORT, DETECTION, FIX, INTRODUCED, EVIDENCE, WEB).",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"ADVISORY",
"ARTICLE",
"DETECTION",
"DISCUSSION",
"EVIDENCE",
"FIX",
"GIT",
"INTRODUCED",
"PACKAGE",
"REPORT",
"WEB"
],
"ui-priority": 6
},
"report-id": {
"description": "OSV report identifier (e.g. MAL-2025-XXXX).",
"misp-attribute": "text",
Expand Down Expand Up @@ -99,5 +150,5 @@
"report-id"
],
"uuid": "2f8a8711-6ef8-4a9d-89de-f547670573cb",
"version": 1
}
"version": 4
}
Loading