aboutcode-org / scancode.io

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
https://scancodeio.readthedocs.io
Apache License 2.0

Add security-focused pipeline to scan for effective potential malware detection #1070

Open pombredanne opened 9 months ago

pombredanne commented 9 months ago

Checking for possible malware in the actual code would be awesome. This will complement the back-to-source binary analysis of software packages.

There are a few nice things we could add to such a pipeline:

tdruez commented 8 months ago

@pombredanne what would be the output of this pipeline? Some kind of report? Attaching extra data to the codebase resource? If this pipeline includes various tools, how do we aggregate those various data output?

pombredanne commented 8 months ago

what would be the output of this pipeline? Some kind of report? Attaching extra data to the codebase resource? If this pipeline includes various tools, how do we aggregate those various data output?

I could envision either of: