Security scanner: YARA rules + heuristic patterns + compose validation.
See crates/sandbox-scan/AGENTS.md for boundaries and conventions.
Re-exports
pub use cache::RULESET_VERSION;
pub use engine::ScanOpts;
pub use engine::ScanReport;
pub use engine::scan;
pub use error::Error;
pub use error::Result;
pub use findings::Finding;
pub use findings::Findings;
pub use findings::Severity;
pub use project_hash::content_hash;
pub use suppress::IgnoreList;
pub use yara::YaraEngine;
Modules
- cache: Scan result cache, keyed by (content_hash, ruleset_version).
- clamav: ClamAV motor: parses clamscan --no-summary --infected output into Findings.
- compose: Compose validator: parses docker-compose.yml/compose.yaml at project root and emits findings per service.
- engine: Orchestrator for the scan pipeline: cache → YARA → heuristics → compose → suppressions.
- error: Errors surfaced by sandbox-scan.
- findings: Output of a scan: a sequence of Findings plus severity helpers.
- heuristics: Heuristic regex/shape checks complementing the signature-based YARA motor.
- project_hash: Content hash of a project tree, used as the scan cache key.
- suppress: User-global scan suppression (~/.config/sandbox/scan-ignore.toml).
- yara: YARA motor for sandbox-scan.