Add Stacklok Trusty as a source, and allow access to AWS #569

Open
lukehinds opened this issue Jul 8, 2024 · 2 comments
@lukehinds
Contributor

For the past two months, Stacklok Trusty has been reporting malicious packages we have detected via our analysis systems. This has been via manual PRs. We would now like to expose an S3 bucket so that we can automate reporting.

For the record, packages will be human-vetted before creating a report.

@lukehinds
Contributor Author

cc: @calebbrown point me to any setup docs and we are happy to do the lifting from our side.

@calebbrown
Contributor

calebbrown commented Jul 12, 2024

Hi! Very happy to help integrate. There aren't many docs at the moment. I'll try and extend them to help.

In the meantime you can see some of the automated ingestion that has occurred in the past to get an idea about the structure of the OSV documents we expect.

There are some more details in the CONTRIBUTING.md doc that may help.

Regarding auth, I need to document this more thoroughly too. For AWS: a key and secret for a read-only IAM account to a bucket is sufficient. They are added to GitHub as a secret and embedded in an .aws/credentials file during the workflow that ingests the content.

Please let me know if you have any specific questions or details you may need.
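
An added example, not part of the comment above and not the project's own code: a check a bucket owner could run over the IAM policy attached to such an account before sharing its key, confirming that it allows only read access to the one bucket. The bucket name `example-reports-bucket`, both sample policies, the read-only action list and the function names are constructed for illustration.

```python
import json

# Actions treated as read-only (an assumption; the thread only says "read-only").
READ_ONLY_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:getbucketlocation"}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_read_only(policy_json, bucket):
    """Return findings; an empty list means Allow grants are read-only on `bucket`."""
    findings = []
    allowed_arns = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
            continue
        for action in _as_list(stmt.get("Action")):
            # Wildcards (s3:*, s3:Get*) can match write or admin actions, so they
            # are flagged, not expanded. IAM action names are case-insensitive.
            if action.lower() not in READ_ONLY_ACTIONS:
                findings.append(f"statement {i}: action {action!r} is not on the read-only list")
        for resource in _as_list(stmt.get("Resource")):
            if resource not in allowed_arns:
                findings.append(f"statement {i}: resource {resource!r} is outside {bucket}")
    return findings


# Constructed sample policies; the bucket name is a placeholder.
BUCKET = "example-reports-bucket"
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{BUCKET}"},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": f"arn:aws:s3:::{BUCKET}/*"},
]})
BAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::*"},
]})

if __name__ == "__main__":
    print(audit_read_only(GOOD_POLICY, BUCKET))
    for finding in audit_read_only(BAD_POLICY, BUCKET):
        print(finding)
```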
