{"id":19560301,"url":"https://github.com/cybercentrecanada/assemblyline-ui","last_synced_at":"2025-10-13T00:46:06.878Z","repository":{"id":37078174,"uuid":"251580097","full_name":"CybercentreCanada/assemblyline-ui","owner":"CybercentreCanada","description":"Web interface and APIs for Assemblyline 4","archived":false,"fork":false,"pushed_at":"2025-10-10T17:10:06.000Z","size":13107,"stargazers_count":20,"open_issues_count":5,"forks_count":22,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-13T00:46:06.527Z","etag":null,"topics":["api","assemblyline","malware-analysis","socket-io","ui"],"latest_commit_sha":null,"homepage":"https://cybercentrecanada.github.io/assemblyline4_docs/","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CybercentreCanada.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-03-31T11:13:52.000Z","updated_at":"2025-09-18T15:10:11.000Z","dependencies_parsed_at":"2023-10-20T00:37:22.961Z","dependency_job_id":"373a8020-ac30-47e5-9d3b-0a3a0ac99b44","html_url":"https://github.com/CybercentreCanada/assemblyline-ui","commit_stats":{"total_commits":1792,"total_committers":17,"mean_commits":"105.41176470588235","dds":0.5770089285714286,"last_synced_commit":"30eb880a8b809de876cca56bcf93412f9bfd50b5"},"previous_names":[],"tags_count":2639,"template":false,"template_full_name":null,"purl":"pkg:github/CybercentreCanada/assemblyline-ui","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CybercentreCanada%2Fassemblyline-ui","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CybercentreCanada%2Fassemblyline-ui/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CybercentreCanada%2Fassemblyline-ui/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CybercentreCanada%2Fassemblyline-ui/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CybercentreCanada","download_url":"https://codeload.github.com/CybercentreCanada/assemblyline-ui/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CybercentreCanada%2Fassemblyline-ui/sbom","scorecard":{"id":34721,"data":{"date":"2025-08-11","repo":{"name":"github.com/CybercentreCanada/assemblyline-ui","commit":"0edda9285890d4b51c96cde0fa7cd6a89aad5df5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.5,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":4,"reason":"Found 8/20 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENCE.md:0","Info: FSF or OSI recognized license: MIT License: LICENCE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"12 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2018-66 / GHSA-562c-5r94-xh97","Warn: Project is vulnerable to: PYSEC-2019-179 / GHSA-5wv5-4vpf-pj6m","Warn: Project is vulnerable to: PYSEC-2023-62 / GHSA-m2qf-hxjv-5gpq","Warn: Project is vulnerable to: PYSEC-2023-177 / GHSA-x7m3-jprg-wc5g","Warn: Project is vulnerable to: PYSEC-2018-55 / GHSA-32pc-xphx-q4f6","Warn: Project is vulnerable to: GHSA-hc5x-x2vx-497g","Warn: Project is vulnerable to: GHSA-w3h3-4rj7-4ph4","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":9,"reason":"SAST tool is not run on all commits -- score normalized to 9","details":["Warn: 27 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: docker/socketio/Dockerfile:3","Warn: containerImage not pinned by hash: docker/socketio/Dockerfile:9","Warn: containerImage not pinned by hash: docker/socketio/Dockerfile:31","Warn: containerImage not pinned by hash: docker/ui/Dockerfile:3","Warn: containerImage not pinned by hash: docker/ui/Dockerfile:9","Warn: containerImage not pinned by hash: docker/ui/Dockerfile:31","Warn: containerImage not pinned by hash: plugins/external_filesource/simple_url/Dockerfile:3","Warn: containerImage not pinned by hash: plugins/external_filesource/simple_url/Dockerfile:9","Warn: containerImage not pinned by hash: plugins/external_filesource/simple_url/Dockerfile:25","Warn: containerImage not pinned by hash: plugins/external_lookup/assemblyline_lookup/Dockerfile:3","Warn: containerImage not pinned by hash: plugins/external_lookup/assemblyline_lookup/Dockerfile:9","Warn: containerImage not pinned by hash: plugins/external_lookup/assemblyline_lookup/Dockerfile:25","Warn: containerImage not pinned by hash: plugins/external_lookup/malware_bazaar/Dockerfile:1","Warn: containerImage not pinned by hash: plugins/external_lookup/malware_bazaar/Dockerfile:12","Warn: containerImage not pinned by hash: plugins/external_lookup/malware_bazaar/Dockerfile:34","Warn: containerImage not pinned by hash: plugins/external_lookup/template/Dockerfile:1","Warn: containerImage not pinned by hash: plugins/external_lookup/template/Dockerfile:12","Warn: containerImage not pinned by hash: plugins/external_lookup/template/Dockerfile:34","Warn: containerImage not pinned by hash: plugins/external_lookup/virustotal/Dockerfile:1","Warn: containerImage not pinned by hash: plugins/external_lookup/virustotal/Dockerfile:12","Warn: containerImage not pinned by hash: plugins/external_lookup/virustotal/Dockerfile:34","Warn: pipCommand not pinned by hash: docker/socketio/Dockerfile:20","Warn: pipCommand not pinned by hash: docker/ui/Dockerfile:20","Warn: pipCommand not pinned by hash: plugins/external_filesource/simple_url/Dockerfile:23","Warn: pipCommand not pinned by hash: plugins/external_lookup/assemblyline_lookup/Dockerfile:23","Warn: pipCommand not pinned by hash: plugins/external_lookup/malware_bazaar/Dockerfile:31","Warn: pipCommand not pinned by hash: plugins/external_lookup/template/Dockerfile:31","Warn: pipCommand not pinned by hash: plugins/external_lookup/virustotal/Dockerfile:31","Info:   0 out of  21 containerImage dependencies pinned","Info:   0 out of   7 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-14T20:03:49.470Z","repository_id":37078174,"created_at":"2025-08-14T20:03:49.471Z","updated_at":"2025-08-14T20:03:49.471Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279013640,"owners_count":26085298,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","assemblyline","malware-analysis","socket-io","ui"],"created_at":"2024-11-11T05:06:53.188Z","updated_at":"2025-10-13T00:46:06.841Z","avatar_url":"https://github.com/CybercentreCanada.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Discord](https://img.shields.io/badge/chat-on%20discord-7289da.svg?sanitize=true)](https://discord.gg/GUAy9wErNu)\n[![](https://img.shields.io/discord/908084610158714900)](https://discord.gg/GUAy9wErNu)\n[![Static Badge](https://img.shields.io/badge/github-assemblyline-blue?logo=github)](https://github.com/CybercentreCanada/assemblyline)\n[![Static Badge](https://img.shields.io/badge/github-assemblyline--ui-blue?logo=github)](https://github.com/CybercentreCanada/assemblyline-ui)\n[![GitHub Issues or Pull Requests by label](https://img.shields.io/github/issues/CybercentreCanada/assemblyline/ui)](https://github.com/CybercentreCanada/assemblyline/issues?q=is:issue+is:open+label:ui)\n[![License](https://img.shields.io/github/license/CybercentreCanada/assemblyline-ui)](./LICENCE.md)\n\n# Assemblyline 4 - API and Socket IO server\n\nThis component provides the User Interface as well as the different APIs and socketio endpoints for the Assemblyline 4 framework.\n\n## Image variants and tags\n\n| **Tag Type** | **Description**                                                                                  |      **Example Tag**       |\n| :----------: | :----------------------------------------------------------------------------------------------- | :------------------------: |\n|    latest    | The most recent build (can be unstable).                                                         |          `latest`          |\n|  build_type  | The type of build used. `dev` is the latest unstable build. `stable` is the latest stable build. |     `stable` or `dev`      |\n|    series    | Complete build details, including version and build type: `version.buildType`.                   | `4.5.stable`, `4.5.1.dev3` |\n\n## Components\n\n### APIs\n\nAssemblyline 4 provides a large set of API that can provide you with all the same information you will find in it's UI and even more. The list of APIs and their functionality is described in the help section of the UI.\n\nAll APIs in Assemblyline output their result in the same manner for consistency:\n\n```json\n{\n  \"api_response\": {},             //Actual response from the API\n  \"api_error_message\": \"\",        //Error message if it is an error response\n  \"api_server_version\": \"4.0.0\",  //Assemblyline version and version of the different component\n  \"api_status_code\": 200          //Status code of the response\n}\n```\n\n**NOTE**: All response codes return this output layout\n\n#### Running this component\n\n```bash\ndocker run --name ui cccs/assemblyline-service-ui\n```\n\n### SocketIO endpoints\n\nAssemblyline 4 also provide a list of SocketIO endpoints to get information about the system live. The endpoints will provide authenticated access to many Redis broadcast queues. It is a way for the system to notify user of changes and health of the system without having them to query for that information.\n\nThe following queues can be listen on:\n\n- Alerts created\n- Submissions ingested\n- Health of the system\n- State of a given running submission\n\n#### Running this component\n\n```bash\ndocker run --name socketio cccs/assemblyline-service-socketio\n```\n\n## Documentation\n\nFor more information about this Assemblyline component, follow this [overview](https://cybercentrecanada.github.io/assemblyline4_docs/overview/architecture/) of the system's architecture.\n\n---\n\n# Assemblyline 4 - API et serveur Socket IO\n\nCe composant fournit l'interface utilisateur ainsi que les différentes API et les points de terminaison Socket IO pour le framework Assemblyline 4.\n\n## Variantes et étiquettes d'image\n\n| **Type d'étiquette** | **Description**                                                                                                                    |  **Exemple d'étiquette**   |\n| :------------------: | :--------------------------------------------------------------------------------------------------------------------------------- | :------------------------: |\n|       dernière       | La version la plus récente (peut être instable).                                                                                   |          `latest`          |\n|      build_type      | Le type de compilation utilisé. `dev` est la dernière version instable. `stable` est la dernière version stable. `stable` ou `dev` |     `stable` ou `dev`      |\n|        séries        | Le détail de compilation utilisé, incluant la version et le type de compilation : `version.buildType`.                                               | `4.5.stable`, `4.5.1.dev3` |\n\n## Composants\n\n### APIs\n\nAssemblyline 4 fournit un grand nombre d'API qui peuvent vous fournir toutes les informations que vous trouverez dans l'interface utilisateur et même plus. La liste des API et de leurs fonctionnalités est décrite dans la section d'aide de l'interface utilisateur.\n\nPour des raisons de cohérence, toutes les API d'Assemblyline produisent leurs résultats de la même manière :\n\n```json\n{\n  \"api_response\": {},             //Réponse réelle de l'API\n  \"api_error_message\": \"\",        //Message d'erreur s'il s'agit d'une réponse d'erreur\n  \"api_server_version\": \"4.0.0\",  //Assemblyline version et version des différents composants\n  \"api_status_code\": 200          //Code d'état de la réponse\n}\n```\n\n**NOTE** : Tous les codes de réponse renvoient cette présentation de sortie\n\n#### Exécuter ce composant\n\n```bash\ndocker run --name ui cccs/assemblyline-service-ui\n```\n\n### Points d'extrémité SocketIO\n\nAssemblyline 4 fournit également une liste de points de contact SocketIO pour obtenir des informations sur le système en direct. Ces points de contact fournissent un accès authentifié à de nombreuses files d'attente de diffusion Redis. C'est un moyen utilisé par le système pour informer les utilisateurs des changements et de l'état du système sans qu'ils aient à faire des requêtes d'informations.\n\nLes files d'attente suivantes peuvent être écoutées :\n\n- Alertes créées\n- Soumissions reçues\n- Santé du système\n- État d'une soumission en cours\n\n#### Exécuter ce composant\n\n```bash\ndocker run --name socketio cccs/assemblyline-service-socketio\n```\n\n## Documentation\n\nPour plus d'informations sur ce composant Assemblyline, suivez ce [overview](https://cybercentrecanada.github.io/assemblyline4_docs/overview/architecture/) de l'architecture du système.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybercentrecanada%2Fassemblyline-ui","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybercentrecanada%2Fassemblyline-ui","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybercentrecanada%2Fassemblyline-ui/lists"}