{"id":26053374,"url":"https://github.com/notyusheng/open-webui_secure","last_synced_at":"2025-03-08T07:28:13.078Z","repository":{"id":280655073,"uuid":"942717204","full_name":"NotYuSheng/open-webui_secure","owner":"NotYuSheng","description":"An effort to remove all critical and high CVE vulnerabilities from the popular LLM web interface open-webui.","archived":false,"fork":false,"pushed_at":"2025-03-04T15:57:34.000Z","size":15,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-04T16:28:25.001Z","etag":null,"topics":["cve","docker","docker-compose","open-webui","trivy"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NotYuSheng.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-04T15:01:58.000Z","updated_at":"2025-03-04T15:57:37.000Z","dependencies_parsed_at":"2025-03-04T16:28:29.561Z","dependency_job_id":"caf228f8-5eea-4e95-8413-8d9323e22297","html_url":"https://github.com/NotYuSheng/open-webui_secure","commit_stats":null,"previous_names":["notyusheng/open-webui_secure"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotYuSheng%2Fopen-webui_secure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotYuSheng%2Fopen-webui_secure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotYuSheng%2Fopen-webui_secure/releases","manifests_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/NotYuSheng%2Fopen-webui_secure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NotYuSheng","download_url":"https://codeload.github.com/NotYuSheng/open-webui_secure/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242515645,"owners_count":20142069,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","docker","docker-compose","open-webui","trivy"],"created_at":"2025-03-08T07:28:12.535Z","updated_at":"2025-03-08T07:28:13.069Z","avatar_url":"https://github.com/NotYuSheng.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# open-webui_secure\n\n[![GitHub last commit](https://img.shields.io/github/last-commit/NotYuSheng/open-webui_secure?color=red)](#)\n\nAn effort to remove all critical and high CVE vulnerabilities from the popular LLM web interface [open-webui](https://github.com/open-webui/open-webui).\n\n\u003e [!WARNING]\n\u003e This project is still a work in progress.\n\n**Base Image:**  \n`ghcr.io/open-webui/open-webui:git-e6ff416-cuda`  \n**Image Release Date:** 4th March 2025\n\n## Prerequisites\n- **Docker**\n- **Docker Compose**\n- **Trivy**\n\n## Setup\n1. Installation\n   ```bash\n   git clone https://github.com/NotYuSheng/open-webui_secure.git\n   cd open-webui_secure\n   ```\n2. Deploy the Service\n   ```bash\n   docker-compose up -d\n   ```\n3. Enter the Running Container: Open a shell session inside the container:\n   ```bash\n   docker exec -it open-webui_secure sh\n   ```\n4. 
**Fix CVEs:**\n   \n   Within the container, apply necessary fixes by uninstalling vulnerable components or making configuration adjustments. Test that the core functionalities are still working as expected.\n5. **Commit Your Changes:**\n   \n   After verifying that all functionalities (Access Control, Admin Login, User Login, RAG, Admin Panel, Agentic Tools, Native Tool Calling) are working correctly, commit your container's state:\n   ```bash\n   sudo docker commit open-webui_secure open-webui_secure:latest\n   ```\n6. **Run a Trivy Scan:** Finally, scan your committed image for vulnerabilities:\n   ```bash\n   sudo trivy image --timeout 120m open-webui_secure:latest\n   ```\n\n## Core Functionalities Under Active Testing\nThe following functionalities will be continuously tested and maintained:\n- Access Control\n  - Admin Login\n  - User Login\n- RAG\n- Agentic Tools\n- Native Tool Calling\n\n## How to Contribute\n\nContributions to improve the project are welcome! Follow these steps to contribute:\n\n1. **Fork the Repository:**  \n   Click the \"Fork\" button on GitHub to create your own copy.\n\n2. **Create a Feature Branch:**\n   ```bash\n   git checkout -b feature/my-feature\n   ```\n3. **Make Your Changes:**  \n   Adhere to our coding and document standards.\n\n4. **Run Security and Functional Tests:**\n   - Run a Trivy scan on your changes to ensure no critical or high vulnerabilities are introduced.\n   - Test the core functionalities (Access Control, Admin/User Login, RAG, Admin Panel, Agentic Tools, Native Tool Calling).\n\n5. **Submit a Pull Request:**  \n   Once your changes are complete, push your branch and open a pull request. 
Provide a clear description of your changes and the testing performed.\n\n### Contribution Guidelines\n\n- **Testing:** Ensure thorough testing for both security and functionality.\n- **Vulnerability Scanning:** Run and attach Trivy scan reports where applicable.\n- **Code Reviews:** Your changes will be reviewed for quality and adherence to security best practices.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnotyusheng%2Fopen-webui_secure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnotyusheng%2Fopen-webui_secure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnotyusheng%2Fopen-webui_secure/lists"}