
Supply-chain dependency firewall for: Python, Node.js, Ubuntu, Debian, Red Hat, Almalinux, Rocky Linux, Alpine, and Docker.

Project description

UBEL (Unified Bill / Enforced Law) – Multi‑Ecosystem Security & Policy Enforcement CLI

Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with:

  • PyPI via: ubel-pip
  • npm via: ubel-npm or ubel-pnpm or ubel-bun or ubel-yarn
  • Linux distributions via: ubel (Ubuntu-based, Debian-based, RHEL, AlmaLinux, Rocky-Linux, and Alpine)
  • Docker via: ubel-docker (if the image is based on one of the Linux distros listed above)

Ubel runs in CLI, automation scripts, and CI/CD pipelines, producing clean JSON and PDF reports.


✨ Features

  • Full dependency resolution across ecosystems
  • OSV.dev vulnerability scanning (batch API)
  • Policy engine (block/allow by severity & infection)
  • Check a single Linux package, a single Node/Python dependency, or an entire project (check mode)
  • Install‑time enforcement (install mode)
  • Project‑level/host-level/kernel-level/Docker-level scanning (health mode)
  • Catches advisories that have no CVE identifier
  • Supply-chain protection applied at install time
  • Automatic report generation (JSON + PDF)
  • Extremely fast (seconds per scan)

📦 Installation

pip install ubel

If you are on Linux, you need to:

  • set up a virtual environment: python3 -m venv venv
  • activate the virtual environment: source venv/bin/activate
  • then run: pip install ubel

Ubel exposes binaries:

  • ubel (Linux package scanning and OS-level operations: Ubuntu-based, Debian-based, Red Hat, AlmaLinux, Rocky-Linux, and Alpine)
  • ubel-pip (Python ecosystem)
  • ubel-npm (Node.js ecosystem)
  • ubel-pnpm (Node.js ecosystem)
  • ubel-bun (Node.js ecosystem)
  • ubel-yarn (Node.js ecosystem)
  • ubel-docker (Docker)

🚀 Usage Overview

Main CLI

usage: ubel [-h] {check,install,health,init,allow,block} [extra_args ...]

PyPI CLI

usage: ubel-pip [-h] {check,install,health,init,allow,block} [extra_args ...]

npm CLI

usage: ubel-npm [-h] {check,install,health,init,allow,block} [extra_args ...]
usage: ubel-pnpm [-h] {check,install,health,init,allow,block} [extra_args ...]
usage: ubel-bun [-h] {check,install,health,init,allow,block} [extra_args ...]
usage: ubel-yarn [-h] {check,install,health,init,allow,block} [extra_args ...]

docker CLI

usage: ubel-docker [-h] {health} <docker_image>

🧠 Commands Explained

check

Resolve dependencies/linux-packages → generate report → exit.

Python example:

ubel-pip check

If no extra arguments are passed, Ubel will:

  • Detect requirements.txt
  • Resolve all packages
  • Scan them
  • Output PDF + JSON

npm example:

ubel-npm check express@5.0.0

If no args are passed, it will detect package.json automatically.


install

Same as check, but enforces policies and either blocks or allows installation.

Python example:

ubel-pip install flask==3.1.0

Or auto-detect project requirements:

ubel-pip install

npm example:

ubel-npm install express@5.0.0

Or simply:

ubel-npm install

(uses package.json automatically)


health

Scan the entire machine or running project, including:

  • Installed PyPI packages
  • Installed NPM packages
  • OS-level packages (Ubuntu-based/Debian-based/RHEL/AlmaLinux/Rocky-Linux/Alpine)
  • Docker-level packages (Ubuntu-based/Debian-based/RHEL/AlmaLinux/Rocky-Linux/Alpine)

Example (for Linux):

ubel health

or (for a Node.js app):

ubel-npm health

or (for a Python app):

ubel-pip health

This mode produces large, detailed inventories and vulnerability matrices.


init

Initialize a policy file for the project or system.

Example:

ubel init

Creates default policy:

infections: block
severity:
  critical: block
  high: block
  medium: allow
  low: allow
  unknown: allow

allow / block

Override Ubel's decision from CI/CD or scripted pipelines.

The arguments can be: "low", "medium", "high", "critical".

Example:

ubel block high critical
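
To show how the check/install flow and the default policy above fit together, here is an added Python example (not Ubel's own code): it maps the package specs used on this page to PURLs, builds an OSV.dev querybatch body, and applies the policy to a constructed OSV-style response. Assumptions: an infection is recognised by OSV's MAL- id prefix, severity is read from database_specific.severity with GitHub's MODERATE treated as medium, and the real OSV call is not made.

```python
from urllib.parse import quote

# Default policy written by `ubel init` (copied from this page), parsed inline
# so the example needs no YAML file.
POLICY = {"infections": "block",
          "severity": {"critical": "block", "high": "block", "medium": "allow",
                       "low": "allow", "unknown": "allow"}}
SEVERITY_ALIASES = {"moderate": "medium"}  # assumption: GitHub's MODERATE == medium

def to_purl(spec: str, ecosystem: str) -> str:
    """Map 'flask==3.1.0' (pypi) or 'express@5.0.0' (npm) to a Package URL."""
    name, version = spec.rsplit("==" if ecosystem == "pypi" else "@", 1)
    if ecosystem == "pypi":
        name = name.lower().replace("_", "-")  # PEP 503 name normalisation
    return f"pkg:{ecosystem}/{quote(name, safe='/')}@{version}"  # '@scope' -> %40scope

def build_querybatch(purls):
    """Body for POST https://api.osv.dev/v1/querybatch, one query per PURL.
    The batch reply lists ids only; full records come from /v1/vulns/{id}."""
    return {"queries": [{"package": {"purl": p}} for p in purls]}

def action_for(vuln: dict, policy: dict) -> str:
    """Policy action for one OSV record. Assumptions: a 'MAL-' id (OSV's
    malicious-package advisories) is an infection; severity is the label in
    database_specific.severity; missing or unrecognised labels are 'unknown'."""
    if vuln.get("id", "").startswith("MAL-"):
        return policy["infections"]
    label = str(vuln.get("database_specific", {}).get("severity", "unknown")).lower()
    label = SEVERITY_ALIASES.get(label, label)
    return policy["severity"].get(label, policy["severity"]["unknown"])

def evaluate(purls, osv_results, policy=POLICY):
    """Return {purl: 'allow'|'block'}; one blocking record blocks the package."""
    decisions = {}
    for purl, result in zip(purls, osv_results):
        actions = {action_for(v, policy) for v in result.get("vulns", [])}
        decisions[purl] = "block" if "block" in actions else "allow"
    return decisions

# Constructed OSV-style records (not real advisories), aligned with the queries.
SAMPLE_PURLS = [to_purl("flask==3.1.0", "pypi"), to_purl("express@5.0.0", "npm"),
                to_purl("example-pkg@1.0.0", "npm")]
SAMPLE_RESULTS = [
    {},                                                              # flask: no findings
    {"vulns": [{"id": "GHSA-placeholder", "database_specific": {"severity": "MODERATE"}}]},
    {"vulns": [{"id": "MAL-0000-placeholder"}]},                    # constructed infection
]
DECISIONS = evaluate(SAMPLE_PURLS, SAMPLE_RESULTS)  # express: allow, example-pkg: block
```

Tightening the policy the way `ubel block high critical` does is just a change to the severity map; with medium set to block, the MODERATE record above would block express as well.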

📁 Automatic Project Detection

For npm and PyPI, when running:

  • install
  • check

without arguments, Ubel automatically loads:

  • package.json (for npm)
  • requirements.txt (for pip)

This makes it ideal for CI/CD workflows.


📤 Output

Ubel generates:

1. JSON report

Machine‑readable, includes:

  • dependency list
  • purls
  • vulnerabilities
  • severity
  • infection state
  • policy decision
  • a complete SBOM-like machine inventory

2. PDF report

Human‑readable, includes:

  • summary statistics
  • per‑dependency vulnerability details
  • fix recommendations
  • tables
  • OSV reference links
  • a complete SBOM-like machine inventory

🧩 Ecosystem Tools

  • ubel → system packages, Linux distros
  • ubel-pip → PyPI projects, virtual environments
  • ubel-npm → Node.js, npm, package.json projects
  • ubel-pnpm → Node.js, pnpm, package.json projects
  • ubel-bun → Node.js, bun, package.json projects
  • ubel-yarn → Node.js, yarn, package.json projects
  • ubel-docker → Docker

Ubel – Secure every dependency, before it reaches production.


Download files


Source Distribution

ubel-0.6.0.tar.gz (26.1 kB)


Built Distribution


ubel-0.6.0-py3-none-any.whl (28.3 kB)


File details

Details for the file ubel-0.6.0.tar.gz.

File metadata

  • Download URL: ubel-0.6.0.tar.gz
  • Size: 26.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for ubel-0.6.0.tar.gz
Algorithm Hash digest
SHA256 219aae924dc54d220398dab8368b3a157bec022fc5a83316b63d20b72e497600
MD5 cb079d40a433ab6e1baee40703f672fa
BLAKE2b-256 75e2c5b4a381f655eced168e455b704cf37a0bae053ccc77cbce72ee25f10f68


File details

Details for the file ubel-0.6.0-py3-none-any.whl.

File metadata

  • Download URL: ubel-0.6.0-py3-none-any.whl
  • Size: 28.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for ubel-0.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2a574f8f7df0f09093e106c2d7891894da0431f6a24ae9dd8c04d23ad8e11277
MD5 62e8db132cdd50025073842c5b274b28
BLAKE2b-256 cd044a02ac49bb4d96502d16f9f40e16f8d3b353e6b3ee06fa18cb95e3afb2d7

