listed as a threat is appearing under the security scanners as containing a threat.

These are the reports I have come across:

If we disable community steps in octopus does this deactivate ones that have already been installed?


Hi Dave,

Thanks for getting in touch! We’ve investigated our library in depth today and haven’t been able to discover the malicious content forcepoint is detecting. To our best determination that is a false-positive.

Our library, whilst a mix of official and community content, is curated and checked by our team. Changes to the steps in the library are submitted as GitHub pull requests in the public eye, and are reviewed by our team before being accepted into the library.

All that being said, you still use the community library at your own risk, and you are welcome to review the code in the library steps you’ve imported before using them in your projects.

You can disable the community library synchronisation, and remove all knowledge of the library steps if absolutely necessary, however you would need to update each project independently to delete those steps if required.

Hope that helps!