{"id":47623942,"url":"https://github.com/penguintechinc/skauswatch","last_synced_at":"2026-04-01T22:33:41.663Z","repository":{"id":343311706,"uuid":"606108379","full_name":"penguintechinc/skauswatch","owner":"penguintechinc","description":"Cloud security platform: S3 malware scanning (ClamAV/YARA) with threat intelligence enrichment, vulnerability   detection, EDR endpoint monitoring, enterprise secrets management with JIT access (IceBox), and AI-powered code   review integration (Darwin).","archived":false,"fork":false,"pushed_at":"2026-03-26T16:23:43.000Z","size":28459,"stargazers_count":0,"open_issues_count":24,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-26T17:11:06.403Z","etag":null,"topics":["ai","appsec","behavior","code-review","edr","enterprise","monitoring","scanner","secrets-management","security","siem","static-analysis","threat-intelligence"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/penguintechinc.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-02-24T16:07:16.000Z","updated_at":"2026-03-10T22:49:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"ea16832f-08c1-4952-9958-b2247847a950","html_url":"https://github.com/penguintechinc/skauswatch","commit_stats":null,"previous_names":["penguintechinc/skauswatch"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/penguintechinc/skauswatch","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Fskauswatch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Fskauswatch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Fskauswatch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Fskauswatch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/penguintechinc","download_url":"https://codeload.github.com/penguintechinc/skauswatch/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Fskauswatch/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292651,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","appsec","behavior","code-review","edr","enterprise","monitoring","scanner","secrets-management","security","siem","static-analysis","threat-intelligence"],"created_at":"2026-04-01T22:33:40.181Z","updated_at":"2026-04-01T22:33:41.646Z","avatar_url":"https://github.com/penguintechinc.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![CI](https://github.com/PenguinCloud/skauswatch/actions/workflows/ci.yml/badge.svg)](https://github.com/PenguinCloud/skauswatch/actions/workflows/ci.yml)\n[![Docker Build](https://github.com/PenguinCloud/skauswatch/actions/workflows/docker-build.yml/badge.svg)](https://github.com/PenguinCloud/skauswatch/actions/workflows/docker-build.yml)\n[![codecov](https://codecov.io/gh/PenguinCloud/skauswatch/branch/main/graph/badge.svg)](https://codecov.io/gh/PenguinCloud/skauswatch)\n[![version](https://img.shields.io/badge/version-v1.0.0-blue.svg)](https://semver.org)\n[![License](https://img.shields.io/badge/License-Limited%20AGPL3-blue.svg)](LICENSE.md)\n\n```\n  _____ _                    _       _       _       _       _\n / ____| |                  | |     | |     | |     | |     | |\n| (___ | | ____ _ _   _ ___| |  __ _| |_ ___| |__   (_)_ __ | |__\n \\___ \\| |/ / _` | | | / __| | / _` | __/ __| '_ \\   | | '_ \\| '_ \\\n ____) |   \u003c (_| | |_| \\__ \\ |(_| | ||(__| | | | |  | | | | | | | |\n|_____/|_|\\_\\__,_|\\__,_|___/_|\\__,_|\\__\\___|_| |_|  |_|_| |_|_| |_|\n\n```\n\n# SkausWatch\n\n**S3 malware and threat intelligence scanning platform** by Penguin Tech Inc.\n\n## What It Does\n\n- **Scans S3 buckets** for malware using ClamAV and YARA rules\n- **Enriches findings** with VirusTotal and AlienVault OTX threat intelligence\n- **Vulnerability scanning** via Nuclei, ZAP, and OpenVAS (Worker-Scanner)\n- **Endpoint monitoring** via Go-based EDR agent deployed as a K8s DaemonSet\n- **Secrets management** via IceBox sub-module (licensed add-on)\n- **AI code review** via Darwin sub-module (GitHub/GitLab webhooks)\n- **PKI and SSH CA** managed by IceBox (shims maintain v1.x API compatibility)\n- **Audit logging** and compliance reporting via AAA Monitor\n\n## Architecture\n\nEight-service Python/Go/Node.js ecosystem:\n- **Manager Service** (Quart + gRPC) - Orchestration and API gateway\n- **PKI Server** - Shim proxy to IceBox PKI (v1.x compatibility layer)\n- **SSH CA** - Shim proxy to IceBox SSH CA (v1.x compatibility layer)\n- **AAA Monitor** - Audit logging, log collection, and AI threat analysis\n- **Worker-S3** - Distributed ClamAV + YARA + threat intelligence scan workers\n- **Worker-Scanner** - Multi-engine vulnerability scanner (Nuclei, ZAP, OpenVAS)\n- **EDR Agent** - Go-based endpoint detection \u0026 response (K8s DaemonSet)\n- **WebUI** - React/TypeScript frontend dashboard\n\nSupported backends: PostgreSQL, Redis, MinIO, ClamAV, Prometheus, Grafana\n\n## Sub-Modules\n\n### IceBox (Licensed — Secrets Vault)\n\nIceBox is a licensed add-on secrets management platform providing:\n- AES-256-GCM envelope encryption (DEK per secret, MEK rotation)\n- Just-in-time (JIT) access with HMAC tokens\n- One-time secrets (view-once with atomic reveal)\n- Cloud vault sync (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, OCI, K8s)\n\n**When IceBox is installed**, PKI Server and SSH CA forward all certificate operations to\nIceBox's PKI and SSH CA backends. Without IceBox, these services run standalone.\n\n- Location: `.worktrees/icebox/icebox/` (branch: `icebox-module`)\n- Namespace: `icebox` (separate from core `skauswatch` namespace)\n- Quick start: `cd .worktrees/icebox/icebox \u0026\u0026 docker compose up -d`\n\n### Darwin (AI Code Review)\n\nDarwin provides AI-powered code review on pull requests using Claude, OpenAI, or Ollama.\n\n- Location: `darwin/` (project root)\n- Worker: `services/worker-darwin/`\n- Integrations: GitHub and GitLab webhooks\n\n## Quick Start\n\n```bash\ngit clone https://github.com/PenguinCloud/skauswatch.git\ncd skauswatch\nmake setup                    # Install dependencies\nmake dev                      # Start development environment\nmake smoke-test              # Verify installation\n```\n\n## Documentation\n\n- **Getting Started**: [docs/DEVELOPMENT.md](docs/DEVELOPMENT.md)\n- **Testing Guide**: [docs/TESTING.md](docs/TESTING.md)\n- **Pre-Commit Checklist**: [docs/PRE_COMMIT.md](docs/PRE_COMMIT.md)\n- **Architecture \u0026 Standards**: [docs/APP_STANDARDS.md](docs/APP_STANDARDS.md)\n- **Development Standards**: [docs/STANDARDS.md](docs/STANDARDS.md)\n\n## Maintainers\n\n- **Primary**: info@penguintech.group\n- **Company**: [www.penguintech.io](https://www.penguintech.io)\n\n## License\n\nLimited AGPL3 with preamble for fair use - see [LICENSE.md](LICENSE.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpenguintechinc%2Fskauswatch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpenguintechinc%2Fskauswatch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpenguintechinc%2Fskauswatch/lists"}