AlaBouali/ubel

UBEL (Unified Bill / Enforced Law) – Multi‑Ecosystem Security & Policy Enforcement CLI

Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with:

  • PyPI via: ubel-pip
  • npm via: ubel-npm, ubel-pnpm, ubel-bun or ubel-yarn
  • Linux distributions via: ubel (Ubuntu-based, Debian-based, RHEL, AlmaLinux, Rocky Linux, and Alpine)
  • Docker via: ubel-docker (if the image is based on one of the Linux distributions listed above)

Ubel runs in CLI, automation scripts, and CI/CD pipelines, producing clean JSON and PDF reports.


✨ Features

  • Full dependency resolution across ecosystems
  • OSV.dev vulnerability scanning (batch API)
  • Policy engine (block/allow by severity & infection)
  • Checking a single Linux package, a single Node/Python dependency, or an entire project (check mode)
  • Install‑time enforcement (install mode)
  • Project‑level, host-level, kernel-level and Docker-level scanning (health mode)
  • Catches advisories that have no CVE identifier (non-CVEs)
  • Built as a supply-chain protection tool
  • Automatic report generation (JSON + PDF)
  • Extremely fast (seconds per scan)

📦 Installation

pip install ubel

On Linux, install it inside a virtual environment:

  • set up a virtual environment: python3 -m venv venv
  • activate it: source venv/bin/activate
  • then run: pip install ubel

Ubel exposes binaries:

  • ubel (Linux package scanning and OS-level operations: Ubuntu-based, Debian-based, Red Hat, AlmaLinux, Rocky Linux, and Alpine)
  • ubel-pip (Python ecosystem)
  • ubel-npm (Node.js ecosystem)
  • ubel-pnpm (Node.js ecosystem)
  • ubel-bun (Node.js ecosystem)
  • ubel-yarn (Node.js ecosystem)
  • ubel-docker (Docker)

🚀 Usage Overview

Main CLI

usage: ubel [-h] {check,install,health,init,allow,block} [extra_args ...]

PyPI CLI

usage: ubel-pip [-h] {check,install,health,init,allow,block} [extra_args ...]

npm CLI

usage: ubel-npm [-h] {check,install,health,init,allow,block} [extra_args ...]
usage: ubel-pnpm [-h] {check,install,health,init,allow,block} [extra_args ...]
usage: ubel-bun [-h] {check,install,health,init,allow,block} [extra_args ...]
usage: ubel-yarn [-h] {check,install,health,init,allow,block} [extra_args ...]

Docker CLI

usage: ubel-docker [-h] {health} <docker_image>

🧠 Commands Explained

check

Resolve dependencies/linux-packages → generate report → exit.

Python example:

ubel-pip check

If no extra arguments are passed, Ubel will:

  • Detect requirements.txt
  • Resolve all packages
  • Scan them
  • Output PDF + JSON

npm example:

ubel-npm check express@5.0.0

If no arguments are passed, it detects package.json automatically.
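The first two steps of check mode (detect the manifest, turn its dependencies into PURLs that OSV.dev can be queried for) as an added example; this is not Ubel's own code. It parses a constructed requirements.txt and a constructed package.json into Package URLs and builds the body that OSV.dev's batch endpoint (POST https://api.osv.dev/v1/querybatch) accepts. Only exact pins are converted; version ranges and include lines are reported as "needs resolution", since they require a resolver or lockfile first. All function and sample names are mine.

```python
"""Pinned manifests -> Package URLs -> OSV.dev batch query body.

Added example, not Ubel's own code. Manifest contents are constructed inline.
"""
import json
import re
from dataclasses import dataclass

# Constructed sample manifests; a real run would read them from disk.
SAMPLE_REQUIREMENTS = """\
# comment lines and blank lines are skipped
flask==3.1.0
requests == 2.31.0   # inline comment
-r other.txt
"""

SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo",
    "dependencies": {"express": "5.0.0", "lodash": "^4.17.21"},
    "devDependencies": {"jest": "29.7.0"},
})

# name==version, tolerating whitespace around '=='
_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(\S+)$")
_EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+$")


@dataclass(frozen=True)
class Dependency:
    ecosystem: str  # PURL type: "pypi" or "npm"
    name: str
    version: str

    @property
    def purl(self) -> str:
        """Package URL per the purl spec: pypi names are normalised to lowercase
        with '-' ; an npm scope keeps its '@' percent-encoded as %40."""
        if self.ecosystem == "pypi":
            name = self.name.lower().replace("_", "-")
        elif self.name.startswith("@"):
            name = "%40" + self.name[1:]
        else:
            name = self.name
        return f"pkg:{self.ecosystem}/{name}@{self.version}"


def parse_requirements(text):
    """Return (pinned deps, skipped lines). Only exact '==' pins are accepted;
    ranges, URLs and '-r' includes need a resolver first and are reported."""
    deps, skipped = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _PIN.match(line)
        if m:
            deps.append(Dependency("pypi", m.group(1), m.group(2)))
        else:
            skipped.append(line)
    return deps, skipped


def parse_package_json(text, include_dev=True):
    """Return (exactly pinned deps, skipped specs). Semver ranges such as
    ^4.17.21 are skipped: the installed version comes from the lockfile."""
    data = json.loads(text)
    sections = ["dependencies"] + (["devDependencies"] if include_dev else [])
    deps, skipped = [], []
    for section in sections:
        for name, spec in data.get(section, {}).items():
            if _EXACT_SEMVER.match(spec):
                deps.append(Dependency("npm", name, spec))
            else:
                skipped.append(f"{name}@{spec}")
    return deps, skipped


def osv_querybatch_body(deps):
    """Body for POST https://api.osv.dev/v1/querybatch; the response carries one
    result per query, in the same order, so keep `deps` to map them back."""
    return {"queries": [{"package": {"purl": d.purl}} for d in deps]}


if __name__ == "__main__":
    py_deps, py_skipped = parse_requirements(SAMPLE_REQUIREMENTS)
    js_deps, js_skipped = parse_package_json(SAMPLE_PACKAGE_JSON)
    print(json.dumps(osv_querybatch_body(py_deps + js_deps), indent=2))
    print("needs resolution first:", py_skipped + js_skipped)
```

The skipped list matters as much as the PURL list: a scanner that silently drops unpinned entries reports a clean result for exactly the dependencies it never looked at.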


install

Same as check, but enforces policies and either blocks or allows installation.

Python example:

ubel-pip install flask==3.1.0

Or auto-detect project requirements:

ubel-pip install

npm example:

ubel-npm install express@5.0.0

Or simply:

ubel-npm install

(uses package.json automatically)


health

Scan the entire machine or running project, including:

  • Installed PyPI packages
  • Installed NPM packages
  • OS-level packages (Ubuntu-based/Debian-based/RHEL/AlmaLinux/Rocky-Linux/Alpine)
  • Docker-level packages (Ubuntu-based/Debian-based/RHEL/AlmaLinux/Rocky-Linux/Alpine)

Example (for Linux):

ubel health

or (for a Node.js app):

ubel-npm health

or (for a Python app):

ubel-pip health

This mode produces large, detailed inventories and vulnerability matrices.


init

Initialize a policy file for the project or system.

Example:

ubel init

Creates default policy:

infections: block
severity:
  critical: block
  high: block
  medium: allow
  low: allow
  unknown: allow

allow / block

Override Ubel's policy decision from CI/CD or scripted pipelines.

Accepted arguments: "low", "medium", "high", "critical".

Example:

ubel block high critical
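The policy side of install mode, covering the default policy written by init and the allow/block override above, as an added example that is not Ubel's code. It parses the default policy text shown in the init section with a minimal parser (assumption: it handles only that two-level key/value shape), evaluates a list of constructed per-dependency findings against it, and applies an override the way `ubel block medium` would. The finding record, the "any blocking finding blocks the whole install" rule and the vulnerability ID EXAMPLE-0001 are my assumptions and placeholders, not Ubel's internals.

```python
"""Ubel-style policy evaluation: default policy + allow/block overrides.

Added example, not Ubel's own code. Findings are constructed inline.
"""
from dataclasses import dataclass, field

# Default policy text as written by `ubel init`.
DEFAULT_POLICY_TEXT = """\
infections: block
severity:
  critical: block
  high: block
  medium: allow
  low: allow
  unknown: allow
"""

SEVERITIES = ("critical", "high", "medium", "low", "unknown")


def parse_policy(text):
    """Minimal parser for the two-level policy shape above.
    Assumption: plain `key: value` lines, one level of indentation, no lists."""
    policy, section = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip()
        if indent == 0:
            if value:
                policy[key] = value
                section = None
            else:
                policy[key] = {}
                section = key
        elif section is not None:
            policy[section][key] = value
        else:
            raise ValueError(f"indented key outside a section: {raw!r}")
    return policy


@dataclass
class Finding:
    """Per-dependency scan result (constructed shape, not Ubel's report format)."""
    purl: str
    severity: str = "unknown"  # already bucketed into one of SEVERITIES
    infected: bool = False     # the "infection" (malicious package) flag
    vuln_ids: list = field(default_factory=list)


def apply_override(policy, action, levels):
    """`ubel allow <levels>` / `ubel block <levels>`: set each named severity
    to the action. Unknown levels are rejected rather than ignored."""
    if action not in ("allow", "block"):
        raise ValueError(f"action must be allow or block, got {action!r}")
    for lvl in levels:
        if lvl not in SEVERITIES:
            raise ValueError(f"unknown severity level: {lvl!r}")
        policy["severity"][lvl] = action
    return policy


def decide(policy, findings):
    """Return ("block" | "allow", reasons). One blocking finding blocks the
    install. A severity missing from the policy is treated as block (fail closed)."""
    reasons = []
    for f in findings:
        if f.infected and policy.get("infections") == "block":
            reasons.append(f"{f.purl}: flagged as infected")
        sev = f.severity if f.severity in SEVERITIES else "unknown"
        if f.vuln_ids and policy["severity"].get(sev, "block") == "block":
            reasons.append(f"{f.purl}: {sev} severity ({', '.join(f.vuln_ids)})")
    return ("block" if reasons else "allow"), reasons


# Constructed findings; EXAMPLE-0001 is a placeholder, not a real advisory ID.
SAMPLE_FINDINGS = [
    Finding("pkg:pypi/flask@3.1.0"),
    Finding("pkg:npm/express@5.0.0", severity="medium", vuln_ids=["EXAMPLE-0001"]),
    Finding("pkg:pypi/example-malicious@0.0.1", infected=True),
]

if __name__ == "__main__":
    policy = parse_policy(DEFAULT_POLICY_TEXT)
    print("default policy:", decide(policy, SAMPLE_FINDINGS))
    strict = apply_override(parse_policy(DEFAULT_POLICY_TEXT), "block", ["medium"])
    print("after `block medium`:", decide(strict, SAMPLE_FINDINGS[:2]))
```

Note the two independent axes: the infection flag blocks on its own regardless of severity, because a malicious package typically has no CVSS score at all, and the severity table only fires when the finding actually carries vulnerability IDs.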

📁 Automatic Project Detection

For npm and PyPI, when install or check is run without arguments, Ubel automatically loads:

  • package.json (for npm)
  • requirements.txt (for pip)

This makes it ideal for CI/CD workflows.


📤 Output

Ubel generates:

1. JSON report

Machine‑readable, includes:

  • dependency list
  • purls
  • vulnerabilities
  • severity
  • infection state
  • policy decision
  • complete SBOM-like machine inventory

2. PDF report

Human‑readable, includes:

  • summary statistics
  • per‑dependency vulnerability details
  • fix recommendations
  • tables
  • OSV reference links
  • complete SBOM-like machine inventory

🧩 Ecosystem Tools

  • ubel → system packages, Linux distros
  • ubel-pip → PyPI projects, virtual environments
  • ubel-npm → Node.js, npm, package.json projects
  • ubel-pnpm → Node.js, npm, package.json projects
  • ubel-bun → Node.js, npm, package.json projects
  • ubel-yarn → Node.js, npm, package.json projects
  • ubel-docker → Docker

Ubel – Secure every dependency, before it reaches production.
