{"id":38540986,"url":"https://github.com/gardner/hbs","last_synced_at":"2026-01-17T07:10:06.603Z","repository":{"id":323759913,"uuid":"1094535602","full_name":"gardner/hbs","owner":"gardner","description":"Experimental homebrew scanner","archived":false,"fork":false,"pushed_at":"2025-11-11T22:45:02.000Z","size":88,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-11-12T00:28:32.800Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gardner.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-11T20:54:23.000Z","updated_at":"2025-11-11T20:54:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/gardner/hbs","commit_stats":null,"previous_names":["gardner/hbs"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/gardner/hbs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardner%2Fhbs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardner%2Fhbs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardner%2Fhbs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardner%2Fhbs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gardner","download_url":"https://codeload.github.com/gardner/hbs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardner%2Fhbs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28503100,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T06:57:29.758Z","status":"ssl_error","status_checked_at":"2026-01-17T06:56:03.931Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-17T07:10:06.521Z","updated_at":"2026-01-17T07:10:06.592Z","avatar_url":"https://github.com/gardner.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HBS Single-Node Scanner (Homebrew)\n\nA single Docker container that iteratively scans Homebrew formulae with:\n- **Static code**: Semgrep, Gitleaks, Bandit (skips bandit if no Python files)\n- **Binary/bottle**: ClamAV, YARA (simple rules included), radare2/rabin2 inventory\n\n## Build\n\n```bash\ndocker build --platform=linux/amd64 -t hbs:latest .\n````\n\n## Run\n\nMount a local output dir to collect reports (recommended):\n\n```bash\nmkdir -p out\ndocker run --platform=linux/amd64 --rm -v \"$PWD/out:/work\" hbs:latest --formula zstd\n```\n\nMultiple formulae via a file:\n\n```bash\ndocker run --platform=linux/amd64 --rm -v \"$PWD/out:/work\" hbs:latest \\\n  --formula-file /app/example.list \\\n  --os x86_64_linux\n```\n\n*OS key* picks the bottle; common values:\n\n* `x86_64_linux` (default preference)\n* `arm64_ventura`, `ventura`, `arm64_monterey`, `monterey`\n\n## Outputs\n\nFor each formula under `/work/\u003cformula\u003e/reports/`:\n\n* `static/semgrep.json` – Semgrep results (OWASP Top 10 ruleset)\n* `static/gitleaks.json` – Secrets findings\n* `static/bandit.json` – Python security findings (or a `skipped` note)\n* `binary/clamscan.log` – ClamAV infected file log lines (if any)\n* `binary/yara_matches.txt` – YARA matches\n* `binary/rabin2_inventory.jsonl` – Per-binary metadata + strings head\n\nA `manifest.json` summarizes what was scanned.\n\n## Notes \u0026 Tips\n\n* **AV signatures**: the entrypoint runs `freshclam` on start. If mirrors are flaky, it won’t crash the job.\n* **Semgrep config**: uses `p/owasp-top-ten`. You can change it in `scan.py`.\n* **Network**: the container needs egress to fetch formula metadata, sources, bottles, and semgrep rules.\n* **Safety**: we don’t execute downloaded binaries—only static scans and metadata extraction.\n\n## Example: scan three formulae\n\n```bash\nprintf \"zstd\\nwget\\njq\\n\" \u003e example.list\ndocker run --platform=linux/amd64 --rm -v \"$PWD/out:/work\" hbs:latest --formula-file /app/example.list\n```\n\nReports end up in `./out/\u003cformula\u003e/reports`.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgardner%2Fhbs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgardner%2Fhbs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgardner%2Fhbs/lists"}