🥑 Guac-AI-Mole

Guac-AI-Mole is a large language model (LLM) powered tool to inspect and understand an organization's software supply chain. It uses LLMs, such as OpenAI GPT-4, together with GUAC to query and analyze secure supply chain artifacts, such as Software Bills of Materials (SBOMs), to make actionable decisions.

🧪 This is a hackathon project. Do not use in production.

Demo

The demo provides sample questions and answers generated by Guac-AI-Mole!

These answers are pre-generated and cached for faster response times and to avoid needing API access. You can try out your own questions and answers by setting up the app locally.

Development Setup

Pre-requisites

Populate registry with sample images and attached SBOMs as OCI referrers artifacts

  • Download and copy ORAS and Syft to your $PATH
  • Log in to your registry (make sure you have push access) and run export REGISTRY=<registry name, e.g., myregistry.io> to set your registry
  • Run scripts/populate-registry.sh to populate the registry with sample images and attached SBOMs as OCI referrers artifacts
  • You can verify the attached SBOMs by using oras discover. For example:
$ oras discover ${REGISTRY}/vul-image:latest
Discovered 1 artifact referencing latest
Digest: sha256:b6f1a6e034d40c240f1d8b0a3f5481aa0a315009f5ac72f736502939419c1855

Artifact Type           Digest
application/spdx+json   sha256:5479d40d5d27025ab4eda699e91961fc0537def2ffe850e2c19172b41eb72ca7
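
The verification step above can be scripted as a gate before ingestion. The following is an added example, not part of the project's scripts: it assumes oras discover prints the table layout shown above, and the function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code). Assumes `oras discover` prints the table
# layout shown above; function names are hypothetical.

# Print the digest of every referrer on stdin whose artifact type is $1.
sbom_digests() {
  awk -v want="${1:-application/spdx+json}" '
    $1 == "Artifact" && $2 == "Type" && $3 == "Digest" { in_table = 1; next }
    # Data rows are "<artifact type> <digest>"; drop malformed digests.
    in_table && NF == 2 && $1 == want {
      if (length($2) == 71 && $2 ~ /^sha256:[0-9a-f]+$/) print $2
    }
  '
}

# Succeed only if the discover output on stdin lists at least one SPDX SBOM.
# $1 is a label used in the message.
require_sbom() {
  found="$(sbom_digests)"
  if [ -z "$found" ]; then
    echo "FAIL $1: no application/spdx+json referrer attached" >&2
    return 1
  fi
  echo "OK $1: $(printf '%s\n' "$found" | wc -l | tr -d ' ') SBOM(s)"
}

# Constructed sample: repeats the discover output shown above.
sample_with_sbom() {
  cat <<'EOF'
Discovered 1 artifact referencing latest
Digest: sha256:b6f1a6e034d40c240f1d8b0a3f5481aa0a315009f5ac72f736502939419c1855

Artifact Type           Digest
application/spdx+json   sha256:5479d40d5d27025ab4eda699e91961fc0537def2ffe850e2c19172b41eb72ca7
EOF
}

# Constructed sample: an image with nothing attached.
sample_without_sbom() {
  cat <<'EOF'
Discovered 0 artifacts referencing latest
Digest: sha256:<constructed-placeholder>
EOF
}

# Real use: oras discover "${REGISTRY}/vul-image:latest" | require_sbom vul-image
sample_with_sbom | require_sbom vul-image
sample_without_sbom | require_sbom bare-image || true
```

An image that fails this check has no SBOM for GUAC to ingest, so questions about it would be answered from missing data.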

Ingesting SBOMs from OCI referrers to GUAC

  • Run guacone collect registry ${REGISTRY} to automatically ingest the SBOMs from the OCI referrers into GUAC.

Run the app

  • Install Python dependencies with pip install -r requirements.txt
  • Run streamlit run app.py to start the Streamlit app (add --logger.level=debug for debug logs)
  • Navigate to the app URL (default: http://localhost:8501)
  • Set up an OpenAI API-compatible (OpenAI, Azure OpenAI, LocalAI) API key, endpoint and deployment name in the sidebar on the left
    • Alternatively, set the OPENAI_API_KEY, OPENAI_API_ENDPOINT and OPENAI_API_MODEL environment variables
  • Set up the GUAC GraphQL endpoint in the sidebar on the left (default: http://localhost:8080/query). This URL must be accessible from the app.
    • Alternatively, set the GUAC_GRAPHQL_ENDPOINT environment variable

Contributors

sozercan
