{"id":31772029,"url":"https://github.com/aboutcode-org/vulnerablecode-ai-experiments","last_synced_at":"2026-02-15T23:32:46.049Z","repository":{"id":312192056,"uuid":"974969264","full_name":"aboutcode-org/vulnerablecode-ai-experiments","owner":"aboutcode-org","description":"Experiments with AI to analyze vulnerabilities","archived":false,"fork":false,"pushed_at":"2026-01-23T14:35:45.000Z","size":33,"stargazers_count":1,"open_issues_count":3,"forks_count":3,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-01-24T05:58:24.098Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aboutcode-org.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"aboutcode-org","open_collective":"aboutcode","custom":"https://causes.benevity.org/causes/056-5528680976845_a486"}},"created_at":"2025-04-29T15:20:15.000Z","updated_at":"2026-01-23T14:35:49.000Z","dependencies_parsed_at":"2025-08-29T06:34:41.732Z","dependency_job_id":"2e4ae740-9087-4aca-adde-dd10b846ffa6","html_url":"https://github.com/aboutcode-org/vulnerablecode-ai-experiments","commit_stats":null,"previous_names":["aboutcode-org/vulnerablecode-ai-experiments"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aboutcode-org/vulnerablecode-ai-experiments","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode-ai-experiments"
,"tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode-ai-experiments/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode-ai-experiments/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode-ai-experiments/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aboutcode-org","download_url":"https://codeload.github.com/aboutcode-org/vulnerablecode-ai-experiments/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode-ai-experiments/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29492580,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-15T19:29:10.908Z","status":"ssl_error","status_checked_at":"2026-02-15T19:29:10.419Z","response_time":118,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-10T03:55:08.257Z","updated_at":"2026-02-15T23:32:46.044Z","avatar_url":"https://github.com/aboutcode-org.png","language":"Python","readme":"# vulnerablecode-ai-experiments\n\nThis repository contains experiments with AI-driven parsers for analyzing vulnerabilities, extracting package URLs (PURLs), and determining 
affected/fixed version ranges.\n\n## Usage\n\nAll parsers can be accessed through the `VulnerabilityAgent` class, which provides a unified interface for extracting structured vulnerability data.\n\n**Create an instance of the `VulnerabilityAgent`:**\n```python\ninstance = VulnerabilityAgent()\n```\n\n## Parsing a PackageURL\n\n**Get the Package URL (PURL) from a summary**\n```python\npurl = instance.get_purl_from_summary(summary) # Output: pkg:pypi/django-helpdesk\n```\nEnsure that the `summary` variable contains enough information to extract the PURL.\n\n**Get affected and fixed version ranges**\n```python\nversion_ranges = instance.get_version_ranges(summary, purl.type)\n```\nThis will return a tuple containing two lists:\n- `affected_versions`: Versions affected by the vulnerability\n- `fixed_versions`: Versions where the vulnerability has been fixed\n\nExample output:\n```python\nprint(version_ranges)  # Output: ([affected_version_range], [fixed_version_range])\n```\n\n## Parsing a CPE\n\n**Get the Package URL (PURL) for the given CPE:**\n```python\ncpe = \"cpe:2.3:a:django-helpdesk_project:django-helpdesk:-:*:*:*:*:*:*:*\"\npkg_type = \"pypi\"\npurl = instance.get_purl_from_cpe(cpe, pkg_type)\nprint(purl)  # Output: pkg:pypi/django-helpdesk\n```\nEnsure the `cpe` variable contains the relevant information to extract the PURL.\n\n## Parsing a Vulnerability\n\n**Get the severity for the given summary:**\n```python\nsummary = \"...\"\nseverity = instance.get_severity_from_summary(summary)\nprint(severity)  # Output: low, medium, high, or critical\n```\nEnsure the `summary` variable contains enough information to determine the severity.\n\n**Get the CWE for the given summary:**\n```python\nsummary = \"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.\"\ncwes = instance.get_cwe_from_summary(summary)\nprint(cwes)  # Output: CWE-502\n```\nEnsure the `summary` variable contains enough information to extract the CWE 
list.\n\n---\n\n### LLM Configuration:\n\nTo set up your LLM model, configure the following environment variables:\n```\nOPENAI_API_KEY=\"your-open-ai-api-key\"\nOPENAI_API_BASE=\"your-open-ai-api-base\"\nOPENAI_MODEL_NAME=\"your-open-ai-api-model-name\"\nOPENAI_TEMPERATURE=your-model-temperature # must be a float value between 0 and 1\n\n# optionally, you can also set a seed to produce more reproducible outputs\nOPENAI_MODEL_SEED=1223372036854775807\n```\n\n\u003e **NOTE**: The above variables can be configured with the credentials of any OpenAI-compatible API (OpenAI, Ollama, lm-studio, openrouter, etc).\n\nThe above values can either be set in your environment variables, or in a `.env` file at the root of this project. To create a `.env` file, simply clone the `.env.sample` file and update the values.\n","funding_links":["https://github.com/sponsors/aboutcode-org","https://opencollective.com/aboutcode","https://causes.benevity.org/causes/056-5528680976845_a486"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faboutcode-org%2Fvulnerablecode-ai-experiments","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faboutcode-org%2Fvulnerablecode-ai-experiments","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faboutcode-org%2Fvulnerablecode-ai-experiments/lists"}