This post will show you how to automatically scan files in an IBM Cloud Object Storage (COS) bucket for viruses with the help of IBM Code Engine.

What is IBM Cloud Code Engine?

We recently announced IBM Cloud Code Engine as the newest platform to host all of your cloud native workloads. With Code Engine, you can enjoy the cloud again.

IBM Cloud Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions or batch jobs. Code Engine even builds container images for you from your source code. Because these workloads are all hosted within the same Kubernetes infrastructure using Namespace isolation, all of them can seamlessly, but securely, work together. The Code Engine experience is designed to focus on writing code and not on the infrastructure needed to host it.

Code Engine helps developers by hiding many of the complex tasks, such as configuration, dependency management, etc. Code Engine simplifies container-based management and enables you to concentrate on writing code. It also makes available many of the features of a serverless platform, such as “scale-to-zero.”

The problem

This blog post is inspired by a real client’s use case. The client has a large service platform where a lot of data gets uploaded every day, and these files are stored in IBM Cloud Object Storage (COS). COS doesn’t come with a built-in service to detect malicious files, but the client needs to be sure that no malware gets into their system, where it could exploit possible vulnerabilities. Open vulnerabilities can create the risk of losing valuable assets, which the client wants to protect. Therefore, the client needs an easy and quick solution to ensure that no infected files get inside their system.

The solution

IBM Code Engine is the perfect platform to implement such a service because it manages all the infrastructure for you and scales automatically based on the number of files uploaded in parallel. This means that IBM Code Engine offers a cheap and easy solution to check files for viruses.

The architecture

  1. A user uploads a file to an IBM COS “inbox/entry” bucket.
  2. When the job gets triggered by a file upload, it will pull the file that needs to be checked and perform a scan operation with the ClamAV anti-virus software.
  3. Depending on whether the file is infected or not, the file will be moved to either to the dirty bucket or the clean bucket.

Note: ClamAV was taken as sample because it provides good NodeJS integration (NodeJS-API). Further integration with Notification Tools (e.g., Pager Duty) would be possible for files being moved to the dirty bucket.

Lessons learned

IBM Cloud Code Engine enables a developer to develop a new scalable cloud-based service quickly and easily. Code Engine, as a serverless platform, can quickly scale jobs based on demand, and with its pay-per-call price model, the customer only pays for what he needs.

Due to its open-source-based architecture (e.g., leveraging Knative and Istio), it is easy to use, provides good portability and accelerates development workflows and workloads by managing the infrastructure for you in the background.

More resources and getting started

If you want to try IBM Cloud Code Engine out for yourself, use the tutorial and sample code provided in the project’s Github repository or visit the homepage.

If you have any questions, get help directly by reaching out to me via email.

Thanks to Oliver Rebmann and Till Koellmann for the incredible support during my time working on this project.

More from Cloud

SRG Technology drives global software services with IBM Cloud VPC under the hood

4 min read - Headquartered in Ft. Lauderdale, Florida, SRG Technology LLC. (SRGT) is a software development company supporting the education, healthcare and travel industries. Their team creates data systems that deliver the right data in real time to customers around the globe. Whether those customers are medical offices and hospitals, schools or school districts, government agencies, or individual small businesses, SRGT addresses a wide spectrum of software services and technology needs with round-the-clock innovative thinking and fresh approaches to modern data problems. The…

4 min read

IBM Tech Now: May 30, 2023

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 77 This episode, we're covering the following topics: IBM Watson Code Assistant IBM Hybrid Cloud Mesh IBM Event Automation Stay plugged in You can check out the IBM Blog Announcements for a full rundown…

< 1 min read

Strengthening cybersecurity in life sciences with IBM and AWS

7 min read - Cloud is transforming the way life sciences organizations are doing business. Cloud computing offers the potential to redefine and personalize customer relationships, transform and optimize operations, improve governance and transparency, and expand business agility and capability. Leading life science companies are leveraging cloud for innovation around operational, revenue and business models. According to a report on mapping the cloud maturity curve from the EIU, 48% of industry executives said cloud has improved data access, analysis and utilization, 45% say cloud…

7 min read

Kubernetes version 1.27 now available in IBM Cloud Kubernetes Service

< 1 min read - We are excited to announce the availability of Kubernetes version 1.27 for your clusters that are running in IBM Cloud Kubernetes Service. This is our 22nd release of Kubernetes. With our Kubernetes service, you can easily upgrade your clusters without the need for deep Kubernetes knowledge. When you deploy new clusters, the default Kubernetes version remains 1.25 (soon to be 1.26); you can also choose to immediately deploy version 1.27. Learn more about deploying clusters here. Kubernetes version 1.27 In…

< 1 min read