nexB / purldb

Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ Chat is at https://gitter.im/aboutcode-org/discuss
https://purldb.readthedocs.io/

Extend PURL Scan API endpoint to run another second code scanning tool, for virus detection with clamav #401

Closed pombredanne closed 1 month ago

pombredanne commented 2 months ago

Given a PURL, this is about scanning code for viruses with clamav. This will be exposed in the purldb.

keshav-space commented 1 month ago

Completed in:

The simple way to test this is to follow the steps below after installing PurlDB (https://github.com/nexB/purldb?tab=readme-ov-file#installation):

  1. Go to /api/collect/ and add a PURL for indexing. ex: /api/collect/?purl=pkg:gnu/libiconv@1.17&addon_pipelines=scan_for_virus
  2. Once the indexing has completed, go to /api/resources/ and filter out resources based on PURL to see the virus_report for malicious resources in the extra_data field. ex: /api/resources/?purl=pkg:gnu/libiconv@1.17
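The two steps above, scripted as an added example (not part of the comment above and not PurlDB's own code): it builds the two request URLs with the PURL percent-encoded and pulls out the resources that carry a virus_report. The base URL `http://purldb.example`, the `results` and `path` response fields, and the contents of the sample report are assumptions; only the endpoints, the query parameters, `extra_data` and `virus_report` come from the steps above.

```python
import json
from urllib.parse import urlencode

BASE = "http://purldb.example"  # placeholder address (assumption, not from the page)


def collect_url(purl, base=BASE):
    """Step 1: URL that indexes the PURL and runs the scan_for_virus add-on."""
    # urlencode percent-encodes ':', '/' and '@' so the PURL survives as one value.
    query = urlencode({"purl": purl, "addon_pipelines": "scan_for_virus"})
    return f"{base}/api/collect/?{query}"


def resources_url(purl, base=BASE):
    """Step 2: URL that lists the resources indexed for the PURL."""
    return f"{base}/api/resources/?{urlencode({'purl': purl})}"


def flagged_resources(payload):
    """Return (path, virus_report) for every resource with a non-empty report."""
    # Assumption: a paginated body with a "results" list; a bare list also works.
    items = payload.get("results", []) if isinstance(payload, dict) else payload
    flagged = []
    for res in items:
        # extra_data may be missing or null on resources that were not flagged.
        report = (res.get("extra_data") or {}).get("virus_report")
        if report:
            flagged.append((res.get("path"), report))
    return flagged


# Constructed sample response; field names other than extra_data and
# virus_report, and the report contents, are assumptions for illustration.
SAMPLE = json.loads("""
{"results": [
  {"path": "libiconv-1.17/README", "extra_data": {}},
  {"path": "libiconv-1.17/lib/sample.bin",
   "extra_data": {"virus_report": {"note": "constructed placeholder"}}},
  {"path": "libiconv-1.17/NEWS", "extra_data": null}
]}
""")

if __name__ == "__main__":
    purl = "pkg:gnu/libiconv@1.17"
    print(collect_url(purl))
    print(resources_url(purl))
    for path, report in flagged_resources(SAMPLE):
        print(path, report)
```
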