{"id":13450178,"url":"https://github.com/saferwall/saferwall","last_synced_at":"2026-01-24T15:17:16.439Z","repository":{"id":37484497,"uuid":"161877713","full_name":"saferwall/saferwall","owner":"saferwall","description":":cloud: Collaborative Malware Analysis Platform at Scale ","archived":false,"fork":false,"pushed_at":"2026-01-21T19:00:36.000Z","size":110019,"stargazers_count":770,"open_issues_count":11,"forks_count":135,"subscribers_count":21,"default_branch":"main","last_synced_at":"2026-01-22T02:27:51.565Z","etag":null,"topics":["antivirus","dynamic-analysis","malware","malware-analysis","multiav","portable-executable","sandbox","security-tools","static-analysis"],"latest_commit_sha":null,"homepage":"https://saferwall.com","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/saferwall.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"docs/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"LordNoteworthy"}},"created_at":"2018-12-15T06:38:12.000Z","updated_at":"2026-01-21T19:00:43.000Z","dependencies_parsed_at":"2024-04-19T14:27:44.866Z","dependency_job_id":"695d5fd6-4337-4757-89e7-f3730856d188","html_url":"https://github.com/saferwall/saferwall","commit_stats":{"total_commits":1446,"total_committers":15,"mean_commits":96.4,"dds":"0.22821576763485474","last_synced_commit":"baf0627757654666b53cbd66180e2747e1f4af41"},"previous_names":[],"tags_count":37,"template":false,"template_full_name":null,"purl":"pkg:github/saferwall/saferwall","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saferwall%2Fsaferwall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saferwall%2Fsaferwall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saferwall%2Fsaferwall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saferwall%2Fsaferwall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/saferwall","download_url":"https://codeload.github.com/saferwall/saferwall/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saferwall%2Fsaferwall/sbom","scorecard":{"id":794825,"data":{"date":"2025-08-11","repo":{"name":"github.com/saferwall/saferwall","commit":"93bb571f245a2b461366e6e01a520298d5a36109"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 1/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/av-engine-update.yaml:1","Warn: no topLevel permission defined: .github/workflows/chart-release.yaml:1","Warn: no topLevel permission defined: .github/workflows/helm-ci.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Warn: no topLevel permission defined: .github/workflows/test.yaml:1","Warn: no topLevel permission defined: .github/workflows/vagrant.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.6.0 not signed: https://api.github.com/repos/saferwall/saferwall/releases/158715026","Warn: release artifact saferwall-0.5.0 not signed: https://api.github.com/repos/saferwall/saferwall/releases/143277609","Warn: release artifact v0.6.0 does not have provenance: https://api.github.com/repos/saferwall/saferwall/releases/158715026","Warn: release artifact saferwall-0.5.0 does not have provenance: https://api.github.com/repos/saferwall/saferwall/releases/143277609"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/av-engine-update.yaml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/av-engine-update.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/av-engine-update.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/av-engine-update.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/av-engine-update.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/av-engine-update.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/av-engine-update.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/av-engine-update.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/av-engine-update.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/av-engine-update.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/av-engine-update.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-release.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/chart-release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/chart-release.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/chart-release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/chart-release.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/chart-release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/helm-ci.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/helm-ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vagrant.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/saferwall/saferwall/vagrant.yaml/main?enable=pin","Warn: containerImage not pinned by hash: build/docker/Dockerfile.aggregator:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.aggregator:35: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: build/docker/Dockerfile.goavast:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.goavast:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.goavira:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.goavira:37: pin your Docker image by updating saferwall/avira:latest to saferwall/avira:latest@sha256:f0a1a6bb3b8e86dededaed079d5b9da216fba4ce8b12a06b8af7e1d7066341e4","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gobitdefender:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gobitdefender:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.goclamav:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.goclamav:37: pin your Docker image by updating saferwall/clamav:latest to saferwall/clamav:latest@sha256:f7085829619ebd83816a26ac49a760122a73179d56b41175f37699b9c30a26ac","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gocomodo:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gocomodo:37: pin your Docker image by updating saferwall/comodo:latest to saferwall/comodo:latest@sha256:d9cc3a590f35f6baa7c069d2b47b3fb2ef7cac3f0c7755819dd395fe9cc2be2b","Warn: containerImage not pinned by hash: build/docker/Dockerfile.godrweb:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.godrweb:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.goeset:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.goeset:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gofsecure:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gofsecure:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gokaspersky:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gokaspersky:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gomcafee:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gomcafee:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gometa:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gometa:35: pin your Docker image by updating saferwall/meta:latest to saferwall/meta:latest@sha256:06ca8518d4bf7363d1664d470c9d8a4101765d4a898d6531a78b72ef1b1552d9","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gosophos:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gosophos:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gosymantec:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gosymantec:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gotrendmicro:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gotrendmicro:37","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gowindefender:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.gowindefender:37: pin your Docker image by updating saferwall/windefender:latest to saferwall/windefender:latest@sha256:6c20224f2484f2c614bea1e8e8f024486a6880e7cbf02df09e304d8e207e8c95","Warn: containerImage not pinned by hash: build/docker/Dockerfile.meta:1: pin your Docker image by updating debian:buster-slim to debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc","Warn: containerImage not pinned by hash: build/docker/Dockerfile.msgpublisher:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.msgpublisher:35: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: build/docker/Dockerfile.orchestrator:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.orchestrator:35: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: build/docker/Dockerfile.pe:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.pe:35: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: build/docker/Dockerfile.postprocessor:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.postprocessor:35: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: build/docker/Dockerfile.sandbox:5","Warn: containerImage not pinned by hash: build/docker/Dockerfile.sandbox:125: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: goCommand not pinned by hash: .github/workflows/test.yaml:25","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  12 third-party GitHubAction dependencies pinned","Info:   0 out of  43 containerImage dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-23T08:37:59.409Z","repository_id":37484497,"created_at":"2025-08-23T08:37:59.409Z","updated_at":"2025-08-23T08:37:59.409Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28730317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T10:24:43.181Z","status":"ssl_error","status_checked_at":"2026-01-24T10:24:36.112Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus","dynamic-analysis","malware","malware-analysis","multiav","portable-executable","sandbox","security-tools","static-analysis"],"created_at":"2024-07-31T07:00:31.867Z","updated_at":"2026-01-24T15:17:16.428Z","avatar_url":"https://github.com/saferwall.png","language":"Go","funding_links":["https://github.com/sponsors/LordNoteworthy"],"categories":["Threat Analysis","Go","Uncategorized"],"sub_categories":["Uncategorized"],"readme":"\u003cp align=\"center\"\u003e\u003ca href=\"https://saferwall.com\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\u003cimg width=\"100\" src=\"https://i.imgur.com/zjCOKPo.png\" alt=\"Saferwall logo\"\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cb\u003eCollaborative and Streamlined \u003cins\u003eThreat Analysis\u003c/ins\u003e at Scale\u003c/b\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"Stars\" src=\"https://img.shields.io/github/stars/saferwall?color=green\u0026style=flat-square\"\u003e\n  \u003ca href=\"https://gitter.im/saferwall/community\"\u003e\u003cimg src=\"https://img.shields.io/gitter/room/saferwall/community?style=flat-square\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://discord.gg/an37PYHeZP\"\u003e\u003cimg alt=\"Discord\" src=\"https://img.shields.io/discord/803411418854064148?label=Discord\u0026style=flat-square\"\u003e\u003c/a\u003e\n  \u003cimg alt=\"Coverage\" src=\"https://img.shields.io/codecov/c/github/saferwall/saferwall?style=flat-square\"\u003e\n  \u003cimg alt=\"GitHub Workflow Status\" src=\"https://img.shields.io/github/actions/workflow/status/saferwall/saferwall/test.yaml?style=flat-square\"\u003e\n  \u003cimg alt=\"Report Card\" src=\"https://goreportcard.com/badge/github.com/saferwall/saferwall\"\u003e\n  \u003cimg alt=\"GitHub\" src=\"https://img.shields.io/github/license/saferwall/saferwall?style=flat-square\"\u003e\n  \u003c/p\u003e\n\n\u003c!-- start elevator-pitch --\u003e\n\nSaferwall allows you to analyze, triage and classify threats in just minutes.\n\n\u003c!-- end elevator-pitch --\u003e\n\n:star: **Collaborative** - Built for _security teams_ and _researchers_ to streamline analysis, identification and sharing malware samples.\n\n:cloud: **Fast \u0026 cloud-native** - Scalable and cloud-native by design, deploy in minutes to bare metal or in the cloud.\n\n:zap: **Save time** - Automate cumbersome tasks, generate IoC's and reports with **zero friction**.\n\n:package: **Batteries included** - All your favorite tools included, build intelligence feeds for hunting threats or generating signatures.\n\n:heart: **Open source first** - We are _open-source_, _developer friendly_ and _user driven._\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://i.imgur.com/lYv1B4S.png\" width=\"auto\" height=\"auto\"\u003e\u003c/p\u003e\n\n## Batteries Included\n\n- Static Analysis:\n  - File metadata, packer identification and crypto hashes.\n  - String (ASCII/Unicode and ASM) extraction.\n  - [PE (Portable Executable) file parser](https://github.com/saferwall/pe).\n  - [ELF (Executable Linkable Format) file parser](https://github.com/saferwall/elf).\n\n- Dynamic Analysis:\n  - Automated Malware Analysis using a Hypervisor based VM.\n  - Intercepting OS System Calls to build an execution trace of executable files.\n  - Generate detailed reports and gain insight into malware behavior.\n  - Choose which API's to trace, grab _screenshots_ and file changes as well as memory dumps.\n\n- Multiple AV scanner (see [disclaimer](#multiav-licenses)) supporting major vendors :\n\n  | Vendors     | status             | Vendors          | status             |\n  | ----------- | ------------------ | ---------------- | ------------------ |\n  | Avast       | :heavy_check_mark: | FSecure          | :heavy_check_mark: |\n  | Avira       | :heavy_check_mark: | Kaspersky        | :heavy_check_mark: |\n  | Bitdefender | :heavy_check_mark: | McAfee           | :heavy_check_mark: |\n  | ClamAV      | :heavy_check_mark: | Sophos           | :heavy_check_mark: |\n  | Comodo      | :heavy_check_mark: | Symantec         | :heavy_check_mark: |\n  | ESET        | :heavy_check_mark: | Windows Defender | :heavy_check_mark: |\n  | TrendMicro  | :heavy_check_mark: | DrWeb            | :heavy_check_mark: |\n\n- Integrations with your own data processing pipeline.\n\n## Get Started\n\nSaferwall takes advantage of [Kubernetes](https://kubernetes.io/) for its high availability, scalability and ecosystem behind it.\n\nEverything runs inside Kubernetes. You can either deploy it in the cloud or have it self hosted.\n\nHere are the different deployment options available depending on how you are planning to use it:\n\n- _\"I want to try it first\"_ : Use the cloud instance in [https://saferwall.com](https://saferwall.com).\n\n- _\"I want to run it locally\"_ : A [Vagrant](https://www.vagrantup.com/) box is available, the only requirements are VirtualBox and Vagrant with full support\n  of Windows, Linux and OSX, see [the guide](docs/DEPLOYING-TEST.md) for detailed steps.\n\n- _\"I want to make a PR or make changes\"_ : When you intend to make changes to the code or make PR's, see [this guide](docs/DEPLOYING-DEV.md) for detailed steps.\n\n- _\"I love it ! I want to run it in prod\"_ : First get you a [kops](https://github.com/kubernetes/kops) and check [this guide](docs/DEPLOYING-PROD.md).\n\nThe _production_ deployment using Kops automatically provisions a Kubernetes cluster hosted on AWS, GCE, DigitalOcean or OpenStack and also on bare metal. For the time being, only [AWS](https://aws.amazon.com/) is officially supported. A [helm](https://helm.sh/) chart is also provided for fast deployment. This setup works well for companies or small teams planning to scan a massive amounts of file.\n\n## Our Stack:\n\n- Golang mostly.\n- Backend: [Echo](https://echo.labstack.com/)\n- Frontend: [VueJS](https://vuejs.org/) + [Tailwind.css](https://tailwindcss.com/)\n- Messaging: [NSQ](https://nsq.io/)\n- Database: [Couchbase](https://www.couchbase.com/)\n- Logging: [Grafana Loki](https://grafana.com/oss/loki/)\n- Metrics: [Prometheus](https://prometheus.io/)\n- Visualization: [Grafana](https://grafana.com/grafana/)\n- MinIO: [Object storage](https://min.io/)\n- Deployment: [Helm](https://helm.sh/) + [Kubernetes](https://kubernetes.io/)\n\n## Current architecture / Workflow:\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://i.imgur.com/W0qXb5y.png\" width=\"600px\" height=\"auto\"\u003e\u003c/p\u003e\n\nHere is a basic workflow of what happens when a new file is submitted:\n\n- Frontend talks to the the backend via REST APIs.\n- Backend uploads samples to the object storage.\n- Backend pushes a message into the scanning queue.\n- Consumer fetches the file and copies it to the nfs share avoiding to pull the sample on every container.\n- Consumer starts scanning routines for static information such as (File metadata, File format details...)\n- Consumer calls asynchronously scanning services (like AV scanners) via gRPC calls and waits for results.\n\n## MultiAV Licenses\n\n\u003e Saferwall does not distribute, bundle, or license any third-party antivirus software. Users are solely responsible for obtaining proper licenses and ensuring compliance with the terms of each antivirus vendor. The project does not encourage or endorse the use of home or personal antivirus editions in commercial, server, or multi-user environments. The authors and contributors assume no liability for misuse of this software.\n\n## Acknowledgements\n\n- [horsicq](https://github.com/horsicq) for [Detect It Easy](https://github.com/horsicq/Detect-It-Easy).\n\n## Contributing\n\nPlease read [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaferwall%2Fsaferwall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsaferwall%2Fsaferwall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaferwall%2Fsaferwall/lists"}