Allows setting pypi sources for private deployments #189

coffeehb opened this issue Mar 3, 2023 · 1 comment
Labels
enhancement New feature or request


coffeehb commented Mar 3, 2023

Thanks for sharing, it's a cool project. I plan to use this to instrument internal pypi and npm repositories.
Would it be possible to add support for manually setting the pypi or npm source?

@christophetd christophetd added the enhancement New feature or request label Mar 8, 2023
@jamessteel123
Contributor

Hi, you can download the packages from the repository and scan those files directly. For example:

(guarddog) ~/s/guarddog ❯❯❯ wget https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl
...
2023-05-31 15:22:08 (3.59 MB/s) - ‘requests-2.31.0-py3-none-any.whl’ saved [62574/62574]

(guarddog) ~/s/guarddog ❯❯❯ guarddog pypi scan ./requests-2.31.0-py3-none-any.whl
Found 0 potentially malicious indicators scanning ./requests-2.31.0-py3-none-any.whl

(guarddog) ~/s/guarddog ❯❯❯

Is this sufficient for your use case?
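
One way to automate the workaround from the comment above against an internal index, as an added example (not code from guarddog or from the participants in this thread): it reads a project page of a PEP 503 simple index, downloads each listed file with `urllib`, checks the `#sha256=` fragment when the index provides one, and runs `guarddog pypi scan` on the local file. The index URL `pypi.internal.example` and the helper names are assumptions.

```python
"""Fetch artifacts from a private PEP 503 index and scan each with guarddog."""
import hashlib
import subprocess
import sys
import tempfile
import urllib.request
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urldefrag, urljoin

INDEX = "https://pypi.internal.example/simple/"  # assumed private index URL


class _Links(HTMLParser):
    """Collect href values from the anchors of a simple-index project page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def list_artifacts(page_html, page_url):
    """Return (absolute_url, sha256_or_None) for every file link on the page."""
    parser = _Links()
    parser.feed(page_html)
    out = []
    for href in parser.hrefs:
        url, frag = urldefrag(urljoin(page_url, href))
        out.append((url, frag[7:] if frag.startswith("sha256=") else None))
    return out


def fetch_verified(url, sha256, dest_dir):
    """Download url into dest_dir; refuse files whose digest does not match."""
    data = urllib.request.urlopen(url, timeout=30).read()
    if sha256 and hashlib.sha256(data).hexdigest() != sha256:
        raise ValueError(f"sha256 mismatch for {url}")
    path = Path(dest_dir) / url.rsplit("/", 1)[-1]
    path.write_bytes(data)
    return path


if __name__ == "__main__":
    project_url = urljoin(INDEX, sys.argv[1] + "/")  # project name as argument
    html = urllib.request.urlopen(project_url, timeout=30).read().decode()
    with tempfile.TemporaryDirectory() as tmp:
        for url, digest in list_artifacts(html, project_url):
            # Same command as in the comment above, run on the local file.
            subprocess.run(["guarddog", "pypi", "scan", str(fetch_verified(url, digest, tmp))])
```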


4 participants
@christophetd @coffeehb @jamessteel123 and others