https://github.com/xprnvd/threataware

Github native application for organisations; uses OpenAI models to identify Security Risks introduced by PRs
https://github.com/xprnvd/threataware

github-security gpt openai pull-requests security security-risks

Last synced: 6 months ago
JSON representation

Github native application for organisations; uses OpenAI models to identify Security Risks introduced by PRs

• Host: GitHub
• URL: https://github.com/xprnvd/threataware
• Owner: xprnvd
• License: mit
• Created: 2023-12-16T04:39:47.000Z (about 2 years ago)
• Default Branch: main
• Last Pushed: 2024-04-19T12:44:07.000Z (over 1 year ago)
• Last Synced: 2024-06-21T02:13:37.086Z (over 1 year ago)
• Topics: github-security, gpt, openai, pull-requests, security, security-risks
• Language: Go
• Homepage: https://github.com/apps/gh-threataware
• Size: 18.6 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# gh-ThreatAware

gh-ThreatAware is a GitHub application developed from the ground up, designed to be installed across GitHub organizations. It efficiently tracks and analyzes pull requests (PRs) within the organization's repositories.

## How it Works

gh-ThreatAware utilizes webhooks to monitor and track PR events. Upon receiving a PR event, it collects essential context surrounding the PR, including details such as the PR description, file changes, commit diffs, user information, and other relevant parameters.

## Security Risk Analysis

The application employs OpenAI's GPT-3.5 Turbo models to evaluate the security risks introduced by each PR. Leveraging these models, it measures and assigns a risk score based on the analysis performed.

## Review Process

If the PR's risk level exceeds a predefined threshold, gh-ThreatAware takes action by adding reviewers from the security team to ensure comprehensive evaluation and mitigation of potential security risks.

#### PR that introduces Security Risk





#### PR that does not introduce Security Risk



## Installation

To install gh-ThreatAware within your GitHub organization, follow these steps:

1. **Clone the Repository:** Clone the gh-ThreatAware repository to a local environment or server that will host the application.

2. **Configure Webhooks:** Set up webhooks in your GitHub organization's repositories to trigger events that communicate with the gh-ThreatAware application. Configure these webhooks to point to the application's designated endpoint.

3. **Configure Permissions:** Ensure that gh-ThreatAware has appropriate permissions to access PR details and assign reviewers. Review and adjust permissions as needed within your GitHub organization settings.

## Configuration

Customize the risk threshold and reviewer assignment logic according to your organization's security policies and requirements. These configurations are adjustable within the designated configuration files provided with the application.