March 10, 2021 By Janik Bücher 3 min read

This post will show you how to automatically scan files in an IBM Cloud Object Storage (COS) bucket for viruses with the help of IBM Code Engine.

What is IBM Cloud Code Engine?

We recently announced IBM Cloud Code Engine as the newest platform to host all of your cloud native workloads. With Code Engine, you can enjoy the cloud again.

IBM Cloud Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions or batch jobs. Code Engine even builds container images for you from your source code. Because these workloads are all hosted within the same Kubernetes infrastructure using Namespace isolation, all of them can seamlessly, but securely, work together. The Code Engine experience is designed to focus on writing code and not on the infrastructure needed to host it.

Code Engine helps developers by hiding many of the complex tasks, such as configuration, dependency management, etc. Code Engine simplifies container-based management and enables you to concentrate on writing code. It also makes available many of the features of a serverless platform, such as “scale-to-zero.”

The problem

This blog post is inspired by a real client’s use case. The client has a large service platform where a lot of data gets uploaded every day, and these files are stored in IBM Cloud Object Storage (COS). COS doesn’t come with a built-in service to detect malicious files, but the client needs to be sure that no malware gets into their system, where it could exploit possible vulnerabilities. Open vulnerabilities can create the risk of losing valuable assets, which the client wants to protect. Therefore, the client needs an easy and quick solution to ensure that no infected files get inside their system.

The solution

IBM Code Engine is the perfect platform to implement such a service because it manages all the infrastructure for you and scales automatically based on the number of files uploaded in parallel. This means that IBM Code Engine offers a cheap and easy solution to check files for viruses.

The architecture

  1. A user uploads a file to an IBM COS “inbox/entry” bucket.
  2. When the job gets triggered by a file upload, it will pull the file that needs to be checked and perform a scan operation with the ClamAV anti-virus software.
  3. Depending on whether the file is infected or not, the file will be moved to either to the dirty bucket or the clean bucket.

Note: ClamAV was taken as sample because it provides good NodeJS integration (NodeJS-API). Further integration with Notification Tools (e.g., Pager Duty) would be possible for files being moved to the dirty bucket.

Lessons learned

IBM Cloud Code Engine enables a developer to develop a new scalable cloud-based service quickly and easily. Code Engine, as a serverless platform, can quickly scale jobs based on demand, and with its pay-per-call price model, the customer only pays for what he needs.

Due to its open-source-based architecture (e.g., leveraging Knative and Istio), it is easy to use, provides good portability and accelerates development workflows and workloads by managing the infrastructure for you in the background.

More resources and getting started

If you want to try IBM Cloud Code Engine out for yourself, use the tutorial and sample code provided in the project’s Github repository or visit the homepage.

If you have any questions, get help directly by reaching out to me via email.

Thanks to Oliver Rebmann and Till Koellmann for the incredible support during my time working on this project.

Was this article helpful?

More from Cloud

A clear path to value: Overcome challenges on your FinOps journey 

3 min read - In recent years, cloud adoption services have accelerated, with companies increasingly moving from traditional on-premises hosting to public cloud solutions. However, the rise of hybrid and multi-cloud patterns has led to challenges in optimizing value and controlling cloud expenditure, resulting in a shift from capital to operational expenses.   According to a Gartner report, cloud operational expenses are expected to surpass traditional IT spending, reflecting the ongoing transformation in expenditure patterns by 2025. FinOps is an evolving cloud financial management discipline…

IBM Power8 end of service: What are my options?

3 min read - IBM Power8® generation of IBM Power Systems was introduced ten years ago and it is now time to retire that generation. The end-of-service (EoS) support for the entire IBM Power8 server line is scheduled for this year, commencing in March 2024 and concluding in October 2024. EoS dates vary by model: 31 March 2024: maintenance expires for Power Systems S812LC, S822, S822L, 822LC, 824 and 824L. 31 May 2024: maintenance expires for Power Systems S812L, S814 and 822LC. 31 October…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters