Setup:
1. Install dependencies: run `pip install -r requirements.txt`
2. Run `prepare_cve_data.py`

Configuration Setup:
1. Add your OpenAI API key in `get_function_by_chatgpt.py`
2. Update the URL and token in `prepare_cve_data.py` (these are used to call the GitHub API and fetch Dependabot alerts)
3. `active_repos.json`: list all the repos under your org
Assumptions:
1. The semgrep tool is installed
2. The repo in which you expect to find usage of the vulnerable function has been cloned
What this will do:
1. Collect all Dependabot details (open alerts) for the specified repo
2. Extract the CVE, package, version and ecosystem details
3. Make a call to ChatGPT to find out which function and class are really vulnerable
4. Write a Semgrep rule (right now it supports Python- and Java-based rules; a lot more can be added here)
5. Scan the code base with the created Semgrep rule
6. If the scan produces findings, those are really vulnerable function usages; this is where the decision on whether the update can be delayed is made. Push it to the developer and get the dependency updated to the latest version
7. To help with step 6, it asks ChatGPT to check whether this is vulnerable to the web. If the answer is Yes, then there is no doubt: upgrade it
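The steps above, as an added example that is not the project's own code: it takes a constructed Dependabot alert in the shape of GitHub's `dependabot/alerts` REST response (steps 1 and 2), turns the symbols the LLM step is assumed to have named (step 3, supplied here as a plain list rather than fetched from ChatGPT) into a Semgrep rule for Python or Java (step 4), runs `semgrep --config ... --json` on a cloned repo if one is given (step 5), and records the decision together with the matching call sites (step 6). The CVE id, package name, versions and function names are placeholders; `ECOSYSTEM_LANG`, `build_semgrep_rule` and `triage` are this example's own names. The symbols returned by the model are an input you should verify against the advisory before trusting the rule built from them.

```python
"""Added example (not the project's own code): alert -> rule -> scan -> triage."""
import json
import shutil
import subprocess
import tempfile

# Constructed sample shaped like GitHub's dependabot/alerts REST response;
# the CVE id, package and versions are placeholders, not a real advisory.
SAMPLE_ALERTS = [
    {
        "state": "open",
        "dependency": {"package": {"ecosystem": "pip", "name": "examplelib"}},
        "security_advisory": {"cve_id": "CVE-0000-00000", "ghsa_id": "GHSA-xxxx-xxxx-xxxx"},
        "security_vulnerability": {
            "vulnerable_version_range": "< 5.4",
            "first_patched_version": {"identifier": "5.4"},
        },
    },
    {   # dismissed alert: step 1 only collects open ones, so it is skipped
        "state": "dismissed",
        "dependency": {"package": {"ecosystem": "pip", "name": "otherlib"}},
        "security_advisory": {"cve_id": None, "ghsa_id": "GHSA-yyyy-yyyy-yyyy"},
        "security_vulnerability": {"vulnerable_version_range": "< 1.1",
                                   "first_patched_version": {"identifier": "1.1"}},
    },
]

# Dependabot ecosystem -> Semgrep language (the README supports python and java)
ECOSYSTEM_LANG = {"pip": "python", "maven": "java"}


def extract_alert_fields(alerts):
    """Steps 1-2: keep open alerts and pull cve, package, version and ecosystem."""
    rows = []
    for alert in alerts:
        if alert.get("state") != "open":
            continue
        pkg = alert["dependency"]["package"]
        vuln = alert["security_vulnerability"]
        adv = alert["security_advisory"]
        rows.append({
            "cve": adv.get("cve_id") or adv.get("ghsa_id"),  # GHSA id if no CVE yet
            "package": pkg["name"],
            "ecosystem": pkg["ecosystem"],
            "vulnerable_range": vuln["vulnerable_version_range"],
            "patched": (vuln.get("first_patched_version") or {}).get("identifier"),
        })
    return rows


def build_semgrep_rule(row, symbols):
    """Step 4: emit a Semgrep rule for the symbols named as vulnerable.
    `symbols` are fully qualified callables assumed to come from the LLM step
    (e.g. ["examplelib.unsafe_load"] or ["com.example.Parser.parse"])."""
    lang = ECOSYSTEM_LANG[row["ecosystem"]]
    patterns = []
    for sym in symbols:
        if lang == "python":
            patterns.append(f"{sym}(...)")                   # any call to the function
        else:
            cls, method = sym.rsplit(".", 1)
            patterns.append(f"{cls}.{method}(...)")          # static call
            patterns.append(f"({cls} $OBJ).{method}(...)")   # call on a typed receiver
    rule_id = f"{row['cve']}-{row['package']}".lower()
    out = [
        "rules:",
        f"  - id: {rule_id}",
        f"    languages: [{lang}]",
        "    severity: ERROR",
        f'    message: "{row["package"]} {row["vulnerable_range"]} is affected by '
        f'{row["cve"]}; this call reaches the vulnerable code, upgrade to {row["patched"]}"',
        "    pattern-either:",
    ]
    out += [f"      - pattern: '{p}'" for p in patterns]
    return "\n".join(out) + "\n"


def run_semgrep(rule_text, target_dir):
    """Step 5: scan the cloned repo with the generated rule (semgrep must be on PATH)."""
    if shutil.which("semgrep") is None:
        raise RuntimeError("semgrep is not installed; see the README assumptions")
    with tempfile.NamedTemporaryFile("w", suffix=".yml", delete=False) as fh:
        fh.write(rule_text)
    proc = subprocess.run(
        ["semgrep", "--config", fh.name, "--json", "--quiet", target_dir],
        capture_output=True, text=True, check=False,
    )
    return json.loads(proc.stdout or "{}").get("results", [])


def triage(row, findings):
    """Step 6: findings mean the vulnerable function is really called, so the
    upgrade goes to the developer now; no call sites means lower priority,
    which step 7 (is it reachable from the web?) then refines."""
    return {
        "cve": row["cve"],
        "package": row["package"],
        "decision": "upgrade_now" if findings else "no_usage_found",
        "call_sites": [f"{f['path']}:{f['start']['line']}" for f in findings],
    }


if __name__ == "__main__":
    import sys
    row = extract_alert_fields(SAMPLE_ALERTS)[0]
    rule = build_semgrep_rule(row, ["examplelib.unsafe_load"])
    print(rule)
    if len(sys.argv) > 1:  # optional: path to a cloned repo to scan
        print(json.dumps(triage(row, run_semgrep(rule, sys.argv[1])), indent=2))
```

Run it with no arguments to see the generated rule, or pass the path of a cloned repo to scan it and print the triage record. The Java branch emits two patterns per symbol because the same method can be reached as a static call or through a typed receiver, and `pattern-either` keeps both in one rule.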
In `get_function_by_chatgpt.py` we have only used a web app to show this data in a table, but it can be anything.