AUR Package Scans before installation #15
Closed
Firstp1ck
started this conversation in
Show and tell
So I am working on a security scan for AUR packages.
I want to add the possibility to scan an AUR package's source code and the PKGBUILD.
At the moment I use the following tools:
clamav - Anti-virus toolkit for Unix
trivy - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
VirusTotal API - Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches
semgrep-bin - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
I would like to ask the community if you know a tool that would be useful to scan AUR source code and PKGBUILDs.
Here are some samples of how it is implemented at the moment: