Cloud
Open source
March 10, 2021 By Janik Bücher 3 min read

This post will show you how to automatically scan files in an IBM Cloud Object Storage (COS) bucket for viruses with the help of IBM Code Engine.

What is IBM Cloud Code Engine?

We recently announced IBM Cloud Code Engine as the newest platform to host all of your cloud native workloads. With Code Engine, you can enjoy the cloud again.

IBM Cloud Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions or batch jobs. Code Engine even builds container images for you from your source code. Because these workloads are all hosted within the same Kubernetes infrastructure using Namespace isolation, all of them can seamlessly, but securely, work together. The Code Engine experience is designed to focus on writing code and not on the infrastructure needed to host it.

Code Engine helps developers by hiding many of the complex tasks, such as configuration, dependency management, etc. Code Engine simplifies container-based management and enables you to concentrate on writing code. It also makes available many of the features of a serverless platform, such as “scale-to-zero.”

The problem

This blog post is inspired by a real client’s use case. The client has a large service platform where a lot of data gets uploaded every day, and these files are stored in IBM Cloud Object Storage (COS). COS doesn’t come with a built-in service to detect malicious files, but the client needs to be sure that no malware gets into their system, where it could exploit possible vulnerabilities. Open vulnerabilities can create the risk of losing valuable assets, which the client wants to protect. Therefore, the client needs an easy and quick solution to ensure that no infected files get inside their system.

The solution

IBM Code Engine is the perfect platform to implement such a service because it manages all the infrastructure for you and scales automatically based on the number of files uploaded in parallel. This means that IBM Code Engine offers a cheap and easy solution to check files for viruses.

The architecture

  1. A user uploads a file to an IBM COS “inbox/entry” bucket.
  2. When the job gets triggered by a file upload, it will pull the file that needs to be checked and perform a scan operation with the ClamAV anti-virus software.
  3. Depending on whether the file is infected or not, the file will be moved to either to the dirty bucket or the clean bucket.

Note: ClamAV was taken as sample because it provides good NodeJS integration (NodeJS-API). Further integration with Notification Tools (e.g., Pager Duty) would be possible for files being moved to the dirty bucket.

Lessons learned

IBM Cloud Code Engine enables a developer to develop a new scalable cloud-based service quickly and easily. Code Engine, as a serverless platform, can quickly scale jobs based on demand, and with its pay-per-call price model, the customer only pays for what he needs.

Due to its open-source-based architecture (e.g., leveraging Knative and Istio), it is easy to use, provides good portability and accelerates development workflows and workloads by managing the infrastructure for you in the background.

More resources and getting started

If you want to try IBM Cloud Code Engine out for yourself, use the tutorial and sample code provided in the project’s Github repository or visit the homepage.

If you have any questions, get help directly by reaching out to me via email.

Thanks to Oliver Rebmann and Till Koellmann for the incredible support during my time working on this project.

Was this article helpful?
YesNo
Janik Bücher
Corporate Student, IBM Germany

More from Cloud
August 27, 2024

Cloud investments soar as AI advances

3 min read - These days, cloud news often gets overshadowed by anything and everything related to AI. The truth is they go hand-in-hand since many enterprises use cloud computing to deliver AI and generative AI at scale. "Hybrid cloud and AI are two sides of the same coin because it's all about the data," said Ric Lewis, IBM’s SVP of Infrastructure, at Think 2024. To function well, generative AI systems need to access the data that feeds its models wherever it resides. Enter…

August 21, 2024

3 keys to building a robust hybrid cloud risk strategy

2 min read - Hybrid cloud has become the new normal for enterprises in nearly all industries. Many enterprises have also deployed a hybrid multicloud environment that’s reliant on an ecosystem of different cloud service providers. According to an IBM Institute for Business Value report, 71% of executives think it’s difficult to realize the full potential of a digital transformation without having a solid hybrid cloud strategy in place. Managing complex business operations across a hybrid multicloud environment presents leaders with unique challenges, not…

August 15, 2024

The power of embracing distributed hybrid infrastructure

2 min read - Data is the greatest asset to help organizations improve decision-making, fuel growth and boost competitiveness in the marketplace. But today’s organizations face the challenge of managing vast amounts of data across multiple environments. This is why understanding the uniqueness of your IT processes, workloads and applications demands a workload placement strategy based on key factors such as the type of data, necessary compute capacity and performance needed and meeting your regulatory security and compliance requirements. While hybrid cloud has become…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters