iss-lab
diff --git a/‎.dockerignore‎
Lines changed: 1 addition & 0 deletions b/‎.dockerignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 29 additions & 0 deletions b/‎.gitignore‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 29 additions & 0 deletions b/‎Dockerfile‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎LICENSE‎
Lines changed: 31 additions & 0 deletions b/‎LICENSE‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 57 additions & 0 deletions b/‎README.md‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎controllers/health.go‎
Lines changed: 11 additions & 0 deletions b/‎controllers/health.go‎
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1 @@
+.git/
@@ -0,0 +1,29 @@
+# ---> Go
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+*.env
+
+vls-api
+tmp/
@@ -0,0 +1,29 @@
+FROM golang:1.19.5-alpine AS BUILDER
+
+WORKDIR /app
+
+COPY . /app/
+
+RUN go get -d -v ./...
+
+RUN go install -v ./...
+
+RUN export GO111MODULE=on
+
+RUN go build
+
+RUN ls -ltr
+
+FROM alpine
+
+RUN apk add py3-pip gcc libc-dev linux-headers alpine-sdk python3-dev g++ libffi-dev openssl-dev
+
+WORKDIR /
+
+COPY --from=BUILDER /app/vls-api /
+
+RUN ls -ltr
+
+EXPOSE 3000
+
+ENTRYPOINT [ "./vls-api" ]
@@ -0,0 +1,31 @@
+MIT License
+
+Copyright (c) 2023 Technology Innovation Lab
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+In addition, the following restrictions apply:
+
+1. The Software and any modifications made to it may not be used for the purpose of training or improving machine learning algorithms,
+including but not limited to artificial intelligence, natural language processing, or data mining. This condition applies to any derivatives,
+modifications, or updates based on the Software code.
+
+2. The Software may not be included in any dataset used for training or improving machine learning algorithms,
+including but not limited to artificial intelligence, natural language processing, or data mining.
+
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,57 @@
+# Vulnerability Lookup Service API
+
+The **Vulnerability Lookup Service API** (VLS-API) is a go-lang based API, to get Vulnerabilities associated with the packages used in different programming languages. VLS-API supports multiple ecosystems for detecting vulnerabilities in packages.
+
+## Features
+ - Fetches the latest vulnerabilities data from [Open Source Vulnerability Database](https://github.com/google/osv.dev).
+ - Supports searching for vulnerabilities associated with specific packages. 
+ - Supports multiple package scan.
+ - Ecosystem Supports: **PyPI, NPM, Maven, crates.io/Rust, Go**
+ - Easy to integrate with other applications & services.
+ - Fast and Efficient performance.
+
+## Build
+
+It is recommended to run the VLS-API as a docker container. To build and run the VLS-API, follow these steps
+
+1. We have a docker file, build a docker image using:
+    ```docker
+    docker build -t iss-lab/vls-api .
+    ```
+
+2. Start the docker container :
+    ```docker
+    docker run --rm -d -p 3000:3000 iss-lab/vls-api
+    ```
+
+**Note** : The vls-api can be accessed via url `http://localhost:3000/`
+
+## API Endpoints
+
+The API provides the following endpoints:
+
+### 1. POST  ***/scan***
+
+- The request sent to `/scan` returns the Summary, Description and Severity of the vulnerabilities existing in the package. An attribute `overallSeverity` gives a summary of the severity of the package, based upon the severities of different vulnerabilities that exist in a package for it's specific version.
+
+#### 1.1 Request - Body
+
+The request is sent in form of JSON, which is as follows:
+
+```json
+{
+    "scan_request": [
+        {
+            "version":"",   // Version of package to be scanned
+            "name": "",     // Name of package to be scanned
+            "ecosystem": "" // Ecosystem of package to be scanned (e.g. PyPI, Maven, Go, etc.)
+        }
+    ]
+}
+```
+
+### 2. GET  ***/health***
+
+This endpoint is used to check whether the API is alive or not. 
+
+
@@ -0,0 +1,11 @@
+package controllers
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+func HealthController(c *gin.Context) {
+	c.String(http.StatusOK, "Alive!")
+}