# Malicious package detection

OpenText Core SCA distinguishes between standard security vulnerabilities and the presence of malicious packages, treating the latter as a direct indicator of system compromise. While a typical vulnerability is defined as an unintentional flaw or weakness that *could* be exploited, malware represents an active, intentional attempt to run unauthorized code within your software.

<figure><img src="/files/X0nUOMP07J1AjgG84U2n" alt=""><figcaption></figcaption></figure>

To provide comprehensive coverage against these threats, OpenText Core SCA pulls data from the osv.dev database to identify and highlight known malicious findings. These findings are surfaced within the repository view, where you can see detailed information regarding the threat and the dependencies involved. You can proactively manage these risks by creating specific Automation Rules focused on malware detection. For instance, you can configure a rule to fail a pipeline immediately or trigger a webhook to notify your security operations center the moment a compromised package is identified. This layer of defense is essential for mitigating modern supply chain attacks such as typosquatting, where attackers inject malicious code into packages with names similar to popular libraries.

<figure><img src="/files/hxMbqd4oUSvIsijdeSJx" alt=""><figcaption></figcaption></figure>
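The gate that such a rule expresses can be illustrated outside the product. The following Python is an added example, not OpenText Core SCA's implementation or code from this documentation: it matches pinned dependencies against OSV-format records and fails only on malicious-package findings. It assumes the OSV schema fields `id`, `affected[].package` and `affected[].versions` and the `MAL-` id prefix that OSV uses for malicious-package records; the function names, record ids and package names are constructed for the illustration.

```python
import re
import sys

MALWARE_PREFIX = "MAL-"  # OSV id prefix used for malicious-package records
# Constructed OSV-format records; ids and package names are made up.
SAMPLE_RECORDS = [
    {"id": "MAL-0000-0001",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "reqeusts-example"},
                   "versions": ["1.0.0", "1.0.1"]}]},
    {"id": "GHSA-0000-0000-0000",
     "affected": [{"package": {"ecosystem": "npm", "name": "example-lib"},
                   "versions": ["2.3.0"]}]},
]
# Constructed dependency list: (ecosystem, name, version) as a lockfile pins them.
SAMPLE_DEPENDENCIES = [("PyPI", "Reqeusts_Example", "1.0.1"),
                       ("npm", "example-lib", "2.3.0"), ("PyPI", "safe-example", "4.2.0")]

def norm(ecosystem, name):
    """Lower-case; on PyPI also fold runs of '-', '_' and '.' (PEP 503)."""
    name = name.lower()
    if ecosystem.lower() == "pypi":
        name = re.sub(r"[-_.]+", "-", name)
    return ecosystem.lower(), name

def affects(record, ecosystem, name, version):
    """True when the record covers this dependency. Assumption of this
    example: an entry without a version list affects every version."""
    for entry in record.get("affected", []):
        pkg = entry.get("package", {})
        if norm(pkg.get("ecosystem", ""), pkg.get("name", "")) != norm(ecosystem, name):
            continue
        versions = entry.get("versions")
        if not versions or version in versions:
            return True
    return False

def gate(dependencies, records):
    """Return (exit_code, malicious, vulnerable); only malware fails the build."""
    malicious, vulnerable = [], []
    for eco, name, version in dependencies:
        for rec in records:
            if affects(rec, eco, name, version):
                bucket = malicious if rec["id"].startswith(MALWARE_PREFIX) else vulnerable
                bucket.append((name, version, rec["id"]))
    return (1 if malicious else 0), malicious, vulnerable

if __name__ == "__main__":
    code, malicious, vulnerable = gate(SAMPLE_DEPENDENCIES, SAMPLE_RECORDS)
    print("malicious:", malicious, "vulnerable:", vulnerable)
    sys.exit(code)
```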

By treating malicious package detection as a unique category of risk rather than a subset of vulnerabilities, OpenText Core SCA ensures that your team can react with the appropriate urgency when a compromise is detected.


