{"id":13574627,"url":"https://github.com/jasona7/ChatCVE","last_synced_at":"2025-04-04T15:31:34.264Z","repository":{"id":169396233,"uuid":"645379471","full_name":"jasona7/ChatCVE","owner":"jasona7","description":"ChatCVE is an app using the Langchain SQL Language Tool to give a LLM prompt experience to CVE and SBOM DevSecOps Triage Data","archived":false,"fork":false,"pushed_at":"2024-06-25T16:46:45.000Z","size":27079,"stargazers_count":17,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-11-05T09:44:57.078Z","etag":null,"topics":["devsecops","python","sbom","security"],"latest_commit_sha":null,"homepage":"http://alltech.digital","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jasona7.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-25T14:16:44.000Z","updated_at":"2024-10-21T12:02:39.000Z","dependencies_parsed_at":"2024-03-27T14:26:16.453Z","dependency_job_id":"aac1ffaa-ec2d-4702-b31f-0707036e860d","html_url":"https://github.com/jasona7/ChatCVE","commit_stats":null,"previous_names":["jasona7/chatcve"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jasona7%2FChatCVE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jasona7%2FChatCVE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jasona7%2FChatCVE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaso
na7%2FChatCVE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jasona7","download_url":"https://codeload.github.com/jasona7/ChatCVE/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247202815,"owners_count":20900844,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","python","sbom","security"],"created_at":"2024-08-01T15:00:53.154Z","updated_at":"2025-04-04T15:31:29.253Z","avatar_url":"https://github.com/jasona7.png","language":"Makefile","funding_links":[],"categories":["资源列表","Tools"],"sub_categories":["项目","Reconnaissance"],"readme":"# 🌐 ChatCVE Langchain App \n\n## 🎯 Description\nThe ChatCVE Lang Chain App is an AI powered DevSecOps application 🔍, to help organizations triage and aggregate CVE (Common Vulnerabilities \u0026 Exposures) information. By leveraging state-of-the-art Natural Language Processing, ChatCVE makes detailed Software Bill of Materials (SBOM) data accessible to everyone, because Security is everyone's job.  From Security analysts to Audit and Compliance teams, ChatCVE allows a more intuitive and engaging way to extract key findings. 🤖💬\n\n## 🚀 Features\n- **🧠 Natural Language Queries**: Ask questions using plain English (or your preferred language)! No need to grapple with complex query languages. \n- **🔮 AI-Powered Analysis**: Our app is backed by the Langchain AI framework.  It can easily surface important vulnerability information using Human Language.  
The requests are automatically translated to [SQL](https://python.langchain.com/docs/integrations/toolkits/sql_database) for querying specific artifact findings.\n- **⏭️ Proactive Assistance**: Anyone can identify potential concerns proactively to improve the overall Cyber Security Posture.\n- **🔁 Triage \u0026 Remediation**: Assist in Vulnerability remediation using National Vulnerability Database (NVD), Syft, and Grype wrappers.  Can be extended to triage using other CVE advisory databases.\n- **🖥️ UI/UX**: Simple Natural Language Processing command input and on-screen history log.\n\n## 📲 Installation\n\n1. Clone this repository:\n```bash\ngit clone https://github.com/jasona7/ChatCVE.git\n```\n2. Enter the project directory:\n```bash\ncd ChatCVE\n```\n3. Set up a Python environment:\n```bash\npython3 -m venv .env\nsource .env/bin/activate\n```\n4. Install Syft and Grype (both are Anchore CLI binaries, installed with their release scripts rather than pip):\n```bash\ncurl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin\ncurl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin\n```\n5. Install requirements:\n```bash\npip install -r requirements.txt\n```\n6. Create the app_patrol and nvd_cves tables (in app_patrol.db):\n```bash\nsqlite3\u003e CREATE TABLE app_patrol (\n    NAME TEXT,\n    INSTALLED TEXT,\n    FIXED_IN TEXT,\n    TYPE TEXT,\n    VULNERABILITY TEXT,\n    SEVERITY TEXT,\n    IMAGE_TAG TEXT,\n    DATE_ADDED TEXT);\n\nsqlite3\u003e CREATE TABLE nvd_cves (\n    cve_id TEXT PRIMARY KEY,\n    source_id TEXT,\n    published TEXT,\n    last_modified TEXT,\n    vuln_status TEXT,\n    description TEXT,\n    cvss_v30_vector_string TEXT,\n    cvss_v30_base_score REAL,\n    cvss_v30_base_severity TEXT,\n    cvss_v2_vector_string TEXT,\n    cvss_v2_base_score REAL,\n    cvss_v2_base_severity TEXT,\n    weakness TEXT,\n    ref_info TEXT);\n```\n7. Create an images.txt file with your images to scan.  
Include the registry, repo, and version tag:\n```\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/inventory:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/delivery:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/warehouse:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/notification:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/styling:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/packaging:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/printing:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/payments:latest\npublic.ecr.aws/tanzu_observability_demo_app/to-demo/loadgen:latest\npublic.ecr.aws/amazoncorretto/amazoncorretto:20-al2-jdk\npublic.ecr.aws/docker/library/tomcat:9.0.75-jdk8-corretto-al2\npublic.ecr.aws/bitnami/minio:2023.5.18\npublic.ecr.aws/p4c2e2q6/miniamplify-x86:latest\npublic.ecr.aws/xray/aws-xray-daemon:3.3.7\npublic.ecr.aws/datadog/agent:7.45.0-rc.5\npublic.ecr.aws/aws-ec2/aws-node-termination-handler:v1.19.0\npublic.ecr.aws/aws-gcr-solutions/data-transfer-hub-ecr:v1.0.4\npublic.ecr.aws/bitnami/jenkins:2.387.3\n```\n\n## 💻 Usage\n1. Initiate a scan that will kick off the SBOM and CVE artifact creation.  SBOM reports will appear in output/sbom,\nand scan summaries will appear in output/scan_summary.\n```bash\npython scan.py\n```\n\n2. Initiate an App Patrol scan which will create SBOM records in the SQLite3 backend:\n```bash\npython fetch_daily_nvd_cves.py\n```\n\n3. 
Check the SBOM records have been added:\n``` bash\nsqlite3 app_patrol.db\nsqlite\u003e SELECT * FROM app_patrol LIMIT 10;\ntar|1.34+dfsg-1||deb|CVE-2005-2541|Negligible|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\nlogin|1:4.8.1-1||deb|CVE-2007-5686|Negligible|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\npasswd|1:4.8.1-1||deb|CVE-2007-5686|Negligible|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\nlibssl1.1|1.1.1n-0+deb11u3||deb|CVE-2007-6755|Negligible|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\nopenssl|1.1.1n-0+deb11u3||deb|CVE-2007-6755|Negligible|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\njetty-setuid-java|1.0.4||java-archive|CVE-2009-5045|High|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\njetty-setuid-java|1.0.4||java-archive|CVE-2009-5046|Medium|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\nlibssl1.1|1.1.1n-0+deb11u3||deb|CVE-2010-0928|Negligible|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\nopenssl|1.1.1n-0+deb11u3||deb|CVE-2010-0928|Negligible|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\nlibc-bin|2.31-13+deb11u3||deb|CVE-2010-4756|Negligible|public.ecr.aws/tanzu_observability_demo_app/to-demo/shopping:latest|2023-05-21 15:01:15\n```\n\n4. 
Start a Chat-CVE OpenAI SQL Agent session (localhost:5000):\n\nNOTE: Refine guardrails, temperature, etc. to improve accuracy and output.\n```bash\npython frontend/app.py\n```\n![CVE Query Interface](assets/chatcve_ui.png)\n\nNOTE: chat_cve.py will let you launch a command-line session.\n\nQuery at the prompt:\n```bash\nEnter a question or type 'exit' to quit: Which NAME in app_patrol table has the most CRITICAL Severity records?\n```\nExpected output:\n```bash\n** Thought: I should query the app_patrol table to get the name with the most Critical CVEs. **\nThought: I should execute the query to get the results.\nAction: query_sql_db\nAction Input: SELECT NAME, COUNT(*) AS Top FROM app_patrol WHERE SEVERITY = 'Critical' GROUP BY NAME ORDER BY Top DESC LIMIT 3\nObservation: [('curl', 42), ('libcurl4', 42), ('libpcre2-8-0', 16)]\nThought: I now know the final answer.\nFinal Answer: The top 3 Names in the app_patrol table sorted by the top count of critical in the severity column are 'curl', 'libcurl4', and 'libpcre2-8-0'.\n```\n\n\n## 🌈 Software Supply Chain and Security Use Cases\n- **Security Analysts**: Assist triage \u0026 find detailed CVE information quickly without dealing with intricate databases.\n- **Audit Teams**: Efficiently target auditing efforts and ensure compliance with security standards.\n- **Compliance Teams**: Maintain documentation and track usage for attestation efforts, ensuring all known libraries are documented.  
Non-technical personnel can simply use human language.\n- **Development Teams**: Efficiently target underlying libraries and get access to remediation suggestions.\n\n## ⭐⭐ Example prompt queries and results\n```bash\nWhat percentage of records are for curl in the app_patrol table?\n\nThought: I should query the app_patrol table to get the percentage of records for curl.\nAction: query_sql_db\nAction Input: SELECT COUNT(*) * 100.0 / (SELECT COUNT(*) FROM app_patrol) FROM app_patrol WHERE NAME = 'curl'\nObservation: [(6.006697362913353,)]\nThought: I now know the final answer.\nFinal Answer: 6.006697362913353% of records in the app_patrol table are for curl.\n\nHow many critical records are there in the app_patrol table?\n\nThought: I should query the app_patrol table for the number of critical records.\nAction: query_sql_db\nAction Input: SELECT COUNT(*) FROM app_patrol WHERE SEVERITY = 'Critical'\nObservation: [(246,)]\nThought: I now know the final answer.\nFinal Answer: There are 246 critical records in the app_patrol table.\n\nWhich name in the app_patrol table has the most Critical Severity records?\n\nThought: I should query the app_patrol table to find the name with the most Critical Severity records.\nAction: query_sql_db\nAction Input: SELECT NAME, COUNT(*) AS count FROM app_patrol WHERE SEVERITY = 'Critical' GROUP BY NAME ORDER BY count DESC LIMIT 10;\nObservation: [('curl', 42), ('libcurl4', 42), ('libpcre2-8-0', 16), ('libksba8', 15), ('jetty-setuid-java', 14), ('libdb5.3', 9), ('libtasn1-6', 9), ('zlib1g', 8), ('System.Drawing.Common', 7), ('libexpat1', 7)]\nThought: I now know the final answer.\nFinal Answer: The name with the most Critical Severity records is 'curl' with 42 records.\n```\n\n\n## 🤝 Contributing\nWe welcome your feedback! 
🙌 \nFor all significant changes, please open an issue first to discuss what you'd like to improve.\n\n## 📃 License\nOur project is licensed under the [MIT License](https://choosealicense.com/licenses/mit/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjasona7%2FChatCVE","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjasona7%2FChatCVE","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjasona7%2FChatCVE/lists"}