{"id":47444133,"url":"https://github.com/Octogonapus/RegistryScanner","last_synced_at":"2026-04-06T13:00:59.203Z","repository":{"id":154914421,"uuid":"580586483","full_name":"Octogonapus/RegistryScanner","owner":"Octogonapus","description":"Scans Julia registries for possible malicious behavior and misconfigurations.","archived":false,"fork":false,"pushed_at":"2023-06-13T02:34:05.000Z","size":455,"stargazers_count":6,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-13T17:35:10.020Z","etag":null,"topics":["julia","security"],"latest_commit_sha":null,"homepage":"","language":"Julia","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Octogonapus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-12-20T23:35:46.000Z","updated_at":"2023-05-15T13:34:55.000Z","dependencies_parsed_at":"2025-06-07T01:38:52.849Z","dependency_job_id":"90e07082-6b79-4fe6-931a-247014f94b8d","html_url":"https://github.com/Octogonapus/RegistryScanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Octogonapus/RegistryScanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Octogonapus%2FRegistryScanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Octogonapus%2FRegistryScanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Octogonapus%2FRegistryScanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositori
es/Octogonapus%2FRegistryScanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Octogonapus","download_url":"https://codeload.github.com/Octogonapus/RegistryScanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Octogonapus%2FRegistryScanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31473271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T08:36:52.050Z","status":"ssl_error","status_checked_at":"2026-04-06T08:36:51.267Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["julia","security"],"created_at":"2026-03-23T06:00:59.902Z","updated_at":"2026-04-06T13:00:59.164Z","avatar_url":"https://github.com/Octogonapus.png","language":"Julia","funding_links":[],"categories":["Security Frameworks and Tools"],"sub_categories":["Security Scanning"],"readme":"# RegistryScanner\n\nScans Julia registries for possible malicious behavior and misconfigurations.\n\n![](./assets/findings_page.png)\n\n- [RegistryScanner](#registryscanner)\n  - [Capabilities](#capabilities)\n  - [Deployment](#deployment)\n    - [Configuration](#configuration)\n    - [Alerts](#alerts)\n\n## Capabilities\n\nRegistryScanner can find and alert you about:\n\n- Packages and pull requests introducing packages that use the same name and/or UUID as existing packages\n- Packages 
that are configured with bare HTTP transport\n- Registry modifications (e.g. packages that have had their URLs changed)\n- Registry misconfigurations\n  - Inconsistent package lists and registry contents\n  - Duplicate packages\n\nCurrently, only GitHub registries are supported.\n\n## Deployment\n\nRegistryScanner comes with a [Docker compose file](./docker-compose.yaml) for easy deployment.\nThe compose file includes:\n\n- The scanner backend\n- A front end, which runs on [localhost:4000](http://localhost:4000)\n- A database\n- Grafana, which provides observability and runs on [localhost:3000](http://localhost:3000)\n- Loki, which collects logs from the other services and can be accessed via Grafana\n\nLoki requires a plugin:\n\n```sh\ndocker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions\n```\n\nRegistryScanner is at its core a service which runs continuously to scan registries and pull requests, generating findings which are inserted into a database.\nThis service can be deployed independently from the rest of the services specified in the compose file if you want.\nAll it needs is a database and some secrets for GitHub integration.\nLook at the [compose file](./docker-compose.yaml) for more.\n\nIf you want to deploy RegistryScanner via Ansible, an [example playbook](./update-registry-scanner.yaml) has been included.\nIt expects this repository to be available at `../RegistryScanner`.\nIt also expects [registryscanner.service](./registryscanner.service) to be available at `files/registry-scanner/registryscanner.service`.\n\n### Configuration\n\nModify the `REGISTRIES_TO_SCAN` environment variable in [docker-compose.yaml](./docker-compose.yaml).\nAdd all the public registries you use, along with any private registries you have.\nOnly GitHub registries are supported.\n\nCreate secrets where necessary.\nAll public registries can use the same secret; this secret only needs public repository scope.\nSecrets for accessing private 
registries need private repository scope.\nRegistryScanner uses GraphQL, so these secrets must be classic GitHub secrets; the new fine-grained secrets do not support GraphQL at this time.\nA file named `github_token.txt` containing a personal access token is required by default, but this is configurable in the compose file.\nSecret names in the `REGISTRIES_TO_SCAN` environment variable must be the same names as the entries under the `secrets:` block in the compose file.\nView the default compose file to see how to add secrets.\n\nBuild and deploy:\n\n```sh\ndocker build RegistryScanner -t registry-scanner:latest\ndocker build RegistryScannerUI -t registry-scanner-ui:latest\necho 'your_gh_token' \u003e github_token.txt\ndocker compose up -d\n```\n\nThe main UI runs on [localhost:4000](http://localhost:4000).\n\nGrafana and Loki are available on [localhost:3000](http://localhost:3000).\nView logs via Explore \u003e Loki \u003e `compose_service = scanner`.\n\n### Alerts\n\nAlerts are pre-configured, but delivery is not.\nConfigure the default contact point in Grafana with your preferred integration to receive these alerts.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOctogonapus%2FRegistryScanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOctogonapus%2FRegistryScanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOctogonapus%2FRegistryScanner/lists"}