{"id":22574889,"url":"https://github.com/thoth-station/cli-examples","last_synced_at":"2025-04-10T16:11:19.153Z","repository":{"id":37104286,"uuid":"253823911","full_name":"thoth-station/cli-examples","owner":"thoth-station","description":"Examples of Thoth's recommendations using Thamos CLI","archived":false,"fork":false,"pushed_at":"2024-01-23T02:22:05.000Z","size":120,"stargazers_count":4,"open_issues_count":2,"forks_count":9,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-24T13:51:24.570Z","etag":null,"topics":["ai-stacks","artificial-intelligence","hacktoberfest","kubernetes","openshift","tensorflow","thoth"],"latest_commit_sha":null,"homepage":"https://redhat-scholars.github.io/managing-vulnerabilities-with-thoth/managing-vulnerabilities-with-thoth/index.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thoth-station.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-07T14:48:46.000Z","updated_at":"2023-06-02T20:07:15.000Z","dependencies_parsed_at":"2023-01-20T17:15:40.484Z","dependency_job_id":null,"html_url":"https://github.com/thoth-station/cli-examples","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":"thoth-station/template-project","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thoth-station%2Fcli-examples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thoth-station%2Fcli-examples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thoth-station%2Fcli-examples/releases","manifests_url":"https://repos.ecosyste.ms/api/
v1/hosts/GitHub/repositories/thoth-station%2Fcli-examples/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thoth-station","download_url":"https://codeload.github.com/thoth-station/cli-examples/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248251020,"owners_count":21072685,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-stacks","artificial-intelligence","hacktoberfest","kubernetes","openshift","tensorflow","thoth"],"created_at":"2024-12-08T03:08:21.454Z","updated_at":"2025-04-10T16:11:19.136Z","avatar_url":"https://github.com/thoth-station.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Manage vulnerabilities in your dependencies with an example application\n-----------------------------------------------------------------------\n\n**See different branches for different examples**\n\nThis is an example of an application which uses Thoth's recommendations to\nrecommend a software stack for specific security requirements. The application\nshows one of the `integrations of Thoth\n\u003chttps://pypi.org/project/thamos\u003e`_ using Thamos CLI.\n\nFor OpenShift s2i (Source-To-Image) examples, visit the `thoth-station/s2i-example\n\u003chttps://github.com/thoth-station/s2i-example\u003e`__ repository.\n\nRunning the application\n=======================\n\nOne of the integrations for Thoth is `Thamos\n\u003chttps://pypi.org/project/thamos\u003e`_. You can use Thoth's recommendation engine\ndirectly from within your terminal. 
First, you need to clone this example repo\nand install Thamos CLI:\n\n.. code-block:: console\n\n  git clone https://github.com/thoth-station/cli-examples.git \u0026\u0026 cd cli-examples\n  pip3 install thamos\n  thamos --help\n\nThe pre-configured template for Thamos CLI is available in the\n``.thoth.yaml`` file:\n\n.. code-block:: console\n\n  cat .thoth.yaml\n\nNow you are ready to ask for advice:\n\n.. code-block:: console\n\n  thamos advise\n\nThis might take some time. Once Thoth recommends the application stack to\nbe used for running the application, you can use Thamos to create a Python\nenvironment (based on configuration in ``.thoth.yaml``) and install the\nrecommended requirements into it:\n\n.. code-block:: console\n\n  thamos install\n\nAnd finally, run the application:\n\n.. code-block:: console\n\n  thamos run ./game_of_life.py\n\nTo browse Thoth's logs produced during the resolution:\n\n.. code-block:: console\n\n  thamos log\n\nAbout the application\n=====================\n\nThe ``game_of_life.py`` program is a simple application that shows how Thamos\nmanages known vulnerabilities in the dependencies of a project.  To use this\nexample application, follow the steps above for installing the Thamos CLI\nand configuring it using ``.thoth.yaml``.\n\nTo deliberately introduce a known vulnerability in the project, specify that you would like to add ``pillow`` version 8.0.0 to your requirements:\n\n.. code-block:: console\n\n  thamos add pillow==8.0.0\n\nThis version of ``pillow`` is known to introduce a vulnerability, further described in the `pypa/advisory-db repository\n\u003chttps://github.com/pypa/advisory-db/blob/main/vulns/pillow/PYSEC-2021-94.yaml\u003e`_.\nThamos can also manage user requirements for dependencies using `constraints files\n\u003chttps://pip.pypa.io/en/stable/user_guide/#constraints-files\u003e`_. 
To add ``pillow`` version 8.0.0 to your dependency requirements this way, you can simply write the package with its version into this file.\n\nTo get stack guidance based on security, run the following command:\n\n.. code-block:: console\n\n  thamos advise --recommendation-type security\n\nor set the ``recommendation_type`` field to ``security`` in ``.thoth.yaml`` to make it your default recommendation type, and simply run:\n\n.. code-block:: console\n\n  thamos advise\n\nThe Thamos report should show that an error occurred during the resolution process because a known vulnerability was found in ``pillow`` version 8.0.0.\n\nRun the example application\n===========================\n\nNow that you know how Thamos prevents the use of unsafe dependencies in your application, you can revert to another version of ``pillow`` to complete this part of the tutorial.\nTo run the example application with the resolved dependencies, run:\n\n.. code-block:: console\n\n  thamos run ./game_of_life.py\n\nThis launches a new game with the default parameters; alternatively, choose your own parameters as specified in the ``help`` section.\nClick on the coordinates to select your first generation of individuals and press ``p`` to see the next generations.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthoth-station%2Fcli-examples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthoth-station%2Fcli-examples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthoth-station%2Fcli-examples/lists"}