Security Audit — Germany Open Source Mirror

Mirror Integrity Scan

All mirrored repositories are regularly scanned with ClamAV for known malware signatures. This scan detects known supply chain attacks, trojans and other malware in mirrored files.

Hinweis: This scan does not replace GPG signature verification by the package manager. It is an additional security layer, not a replacement for official package verification.

Detailed Results

The full breakdown by repository, file count and individual findings
is available for handily networks customers and supporters.

Go ad-free (ab 25€) oder Enter Customer Key

Scan interval: The scan runs weekly across all repositories containing executable files and package archives. The ClamAV signature database is automatically updated before each scan.

What is checked: Tarballs, Binaries, Skripte, DEB/RPM-Pakete und ISO-Images in den kleineren Repos (Helm, Trivy, Ollama, Portainer, PegaProx, Prometheus etc.). Large distro repos (Debian, Ubuntu, Fedora) are spot-checked.

Mirror Integrity Scan

Detaillierte Findings

Detailed Results