Conversation
This document explains the functionality of Malware Scanning, which checks for malicious content in uploaded packages using ClamAV.
Pull request overview
This PR adds documentation for the Malware Scanning feature, which automatically scans uploaded packages for malicious content using ClamAV. The documentation explains how the feature works, what happens when threats are detected, and distinguishes it from Enterprise Policy Management.
Changes:
- New documentation file explaining Malware Scanning functionality and its integration with ClamAV
- Includes information about threat detection behavior and next steps for false positives
- Comparison section with Enterprise Policy Management
| Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources; like, NPMJS, Maven Central, etc. | ||
| EPM is available to customers with our Advanced Securit add-on. |
Spelling error: "Securit" should be "Security"
| EPM is available to customers with our Advanced Securit add-on. | |
| EPM is available to customers with our Advanced Security add-on. |
I'm not sure it's a named feature like that. "Policy Management is available to customers with our advanced security capabilities." maybe instead.
| ## Malware Scanning vs. Enterprise Policy Management | ||
| Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources; like, NPMJS, Maven Central, etc. |
The semicolon followed by "like," is grammatically incorrect. Use a comma instead: "...pulled from Upstream sources like NPMJS, Maven Central, etc." or use "such as" instead of "like".
| Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources; like, NPMJS, Maven Central, etc. | |
| Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources such as NPMJS, Maven Central, etc. |
| If you feel a package has been incorrectly identified as containing malware, please [contact us](https://cloudsmith.com/company/contact-us). | ||
| ## Malware Scanning vs. Enterprise Policy Management |
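Review bot: The false-positive line in this hunk ("If you feel a package has been incorrectly identified as containing malware, please contact us") sends the reader to support but does not say what state the package is in while the report is being reviewed. Since the intro says scanning runs before a package becomes available for download, state explicitly whether a flagged package stays unavailable until the report is resolved, so users know what to expect from their pipelines in the meantime.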
Just policy management throughout, not Enterprise Policy Management
| ## Malware Scanning vs. Enterprise Policy Management | ||
| Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources; like, NPMJS, Maven Central, etc. |
I'd probably not capitalise Upstream here
| Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources; like, NPMJS, Maven Central, etc. | ||
| EPM is available to customers with our Advanced Securit add-on. |
I'm not sure it's a named feature like that. "Policy Management is available to customers with our advanced security capabilities." maybe instead.
| # Malware Scanning | ||
| Malware Scanning automatically checks packages for known malicious content — such as trojans, viruses, and other malware — as they are uploaded to your Cloudsmith repository. It is powered by [ClamAV](https://github.com/Cisco-Talos/clamav) and runs on every uploaded package before it becomes available for download. |
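Review bot: Missing documentation in the intro paragraph: it states that the ClamAV scan runs on every uploaded package before it becomes available for download, but not what happens when the scan detects something (is the package rejected, held, or marked, and where is the result shown?). The PR overview says the doc explains "what happens when threats are detected", so either this paragraph or a following section should say so explicitly, for example: "If ClamAV flags a package, it is not made available for download and the detection is reported in [location]."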
Would probably remove your/you where we've referenced them
| ## Malware Scanning vs. Enterprise Policy Management | ||
| Enterprise Policy Management and the detection of malicious and vulnerable packages are based on security feeds and match to packages pulled from Upstream sources; like, NPMJS, Maven Central, etc. |
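Review bot: The comparison section only describes the Policy Management side (security feeds matched against packages pulled from upstream sources) and never states the contrasting half. Add one sentence making the difference explicit, building on the intro: Malware Scanning inspects the content of the uploaded package itself with ClamAV, regardless of where the package came from, while Policy Management matches package identity against feeds. Without that sentence a reader cannot tell that the two are complementary rather than substitutes.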
I feel like the match to packages reads funny. The way we've lumped policy management with the detection and then referring to matching there.