awslabs / automated-security-helper

https://awslabs.github.io/automated-security-helper/
Apache License 2.0

Offline Mode for ASH #41

Open ForeverYoung48 opened 8 months ago

ForeverYoung48 commented 8 months ago

Description:

Currently, ASH utilizes security tools such as semgrep and grype, which fetch schema and vulnerability databases from the internet at command execution. This can be a limitation for users operating in isolated environments without internet access. The feature request is to introduce an offline mode for ASH, allowing it to operate without requiring internet access.

Proposed Solution:

Implement an option in ASH to run in an offline mode where all necessary dependencies and databases are pre-packaged. This would enable users to utilize ASH in environments with restricted internet access, ensuring security scanning can be performed seamlessly.

Benefits:

Isolated Environments: Users working in secure or air-gapped environments can still leverage ASH for static code scanning without the need for internet access.

Consistent Scanning: An offline mode ensures consistency in security scanning by using pre-packaged dependencies, eliminating the variability introduced by fetching databases during execution.

Improved Deployment: The offline mode allows for smoother deployment in environments with strict network restrictions, providing a more versatile tool for security-conscious users.

Expected Behavior:

When ASH is run in offline mode, it should seamlessly perform static code scanning without requiring internet access, utilizing the pre-packaged dependencies and databases.

References: