ai_sec


| Field | Value |
| --- | --- |
| Name | ai_sec |
| Version | 0.0.2 |
| home_page | None |
| Summary | Linting, security scanning, and reporting on infrastructure code and Kubernetes config |
| upload_time | 2024-10-28 21:25:50 |
| maintainer | Darren Rabbitt |
| docs_url | None |
| author | Darren Rabbitt |
| requires_python | <4.0,>=3.10 |
| license | MIT |
| keywords | |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |

# AI_Sec

AI_Sec is a powerful command-line tool for linting, security scanning, and reporting on infrastructure-as-code (IaC) such as Terraform and CloudFormation. It supports a variety of linters and security checkers, making it an essential tool for maintaining high-quality infrastructure code, with a focus on best practices and security.

## Table of Contents

- [Motivation](#motivation)
- [Python Versions](#python-versions)
- [Features](#features)
- [Installation](#installation)
  - [Option 1: Using a Virtual Environment and Symbolic Links](#option-1-using-a-virtual-environment-and-symbolic-links)
  - [Option 2: Installing Directly to System Python](#option-2-installing-directly-to-system-python)
- [Setting Up](#setting-up)
- [Commands](#commands)
- [Sample Configuration](#sample-configuration)
- [Contact](#contact)

## Motivation

Managing infrastructure code in a secure and scalable way is essential, especially with the rise of cloud-native technologies. AI_Sec was developed to automate the process of ensuring that your infrastructure code adheres to best practices by utilizing various linters and security scanners, generating detailed reports to highlight issues.

AI_Sec ensures that your infrastructure is both secure and follows the necessary guidelines by default using **Checkov**, while also supporting other popular linters such as **TFLint** and **TFSec**. The tool is designed to work with IaC frameworks like **Terraform** and **CloudFormation**, giving you comprehensive coverage.

## Python Versions

This project supports Python versions specified in the `pyproject.toml` file:

```toml
[tool.poetry.dependencies]
python = ">=3.10,<4.0"
```

## Features

- **Lint Terraform and CloudFormation Code**: Support for Checkov by default, with optional support for TFLint (v0.53.0) and TFSec (v1.28.0).
- **Security Scanning**: Detect vulnerabilities in your infrastructure code using popular security tools.
- **Customizable Reports**: Generate detailed reports in JSON or HTML format.
- **Dashboard for Issue Navigation**: Navigate and explore identified issues through an interactive dashboard. The dashboard categorizes and presents issues by severity, linter type, and more, providing an easy way to investigate and resolve problems.
- **Configurable Color Scheme**: Customize the color scheme for different severity levels (CRITICAL, HIGH, MEDIUM, LOW, INFO).
- **AI-Generated Insights**: Automatically infer severity and context for high-severity issues using OpenAI.
- **Caching for AI Responses**: To reduce repeated calls to OpenAI, AI_Sec caches AI-generated insights for faster subsequent runs.
- **Modular Linter Support**: Easily enable or disable linters through the configuration file.

## Installation

Ensure you are using Python 3.10 or above.

### Option 1: Using a Virtual Environment and Symbolic Links

1. **Ensure Python Version**

   - Verify you have Python 3.10 or later:
     ```bash
     python --version
     ```

2. **Create and Activate Virtual Environment**

   - **Create**:

     ```bash
     python -m venv myenv
     ```

   - **Activate**:
     - **Windows**:
       ```bash
       myenv\Scripts\activate
       ```
     - **macOS/Linux**:
       ```bash
       source myenv/bin/activate
       ```

3. **Install AI_Sec**
   ```bash
   pip install ai_sec
   ```

### Option 2: Installing Directly to System Python

1. **Ensure Python Version**

   - Verify you have Python 3.10 or later:
     ```bash
     python --version
     ```

2. **Install AI_Sec**
   ```bash
   python -m pip install ai_sec
   ```

### Setting Up

To configure AI_Sec, follow these steps:

1. You can export the default config by running `ai_sec export-config`.

2. The default configuration file will be exported to `~/.ai_sec/config.yaml`.

3. By default, Checkov is the main linter used, but you can enable TFLint and TFSec as needed if you have them installed.

4. Edit the `config.yaml` file to enable/disable linters and set the report output format.

## Sample Configuration

Before running AI_Sec, you need to set up the default configuration file. You can export the default configuration to `~/.ai_sec/config.yaml` by running the following command:

```bash
ai_sec export-config
```

Here’s the default `config.yaml`:

```yaml
linters:
  tflint:
    enabled: false
  tfsec:
    enabled: false
  checkov:
    enabled: true
    framework: terraform # Default framework; can also be CloudFormation
output:
  format: json
  save_to: ./reports/report.json
color_scheme:
  CRITICAL: "#FF6F61"
  HIGH: "#FFA07A"
  MEDIUM: "#FFD700"
  LOW: "#90EE90"
  INFO: "#B0C4DE"
```

## OpenAI Insights

AI_Sec integrates with OpenAI to provide enhanced insights on infrastructure issues. This includes determining the severity of issues and providing additional context and resolution suggestions for critical and high-severity issues. These insights can be particularly useful in understanding the nature of the problems and how to resolve them.

### How to Enable OpenAI Insights

To enable OpenAI insights, you will need an API key from OpenAI.

1. Set the OpenAI API Key: You must set an environment variable `OPENAI_API_KEY` with your OpenAI API key.
   You can export it in your terminal before running the tool:
   ```bash
   export OPENAI_API_KEY="your-openai-api-key"
   ```
2. Enable OpenAI Insights in the Configuration: Ensure that the OpenAI integration is enabled in the configuration file. By default, if the API key is set, the insights will automatically be enabled when issues are found.

### How OpenAI Insights Work

When a linter detects an issue, AI_Sec sends a request to OpenAI to analyze the issue and provide:

- **Severity**: The issue’s severity level (CRITICAL, HIGH, MEDIUM, or LOW).
- **Context and Resolution**: For critical and high-severity issues, additional context and resolution suggestions will be provided.

These insights are added to the linting report and can be viewed in the AI_Sec Dashboard.

### Caching of OpenAI Responses

To avoid repeated API calls and improve performance, OpenAI responses are cached locally. The cache is created in the user’s home directory under `~/.ai_sec/openai_cache.json`. This means if the same issue is analyzed multiple times, the tool will retrieve the result from the cache instead of querying OpenAI again.

Note: The cache key is generated based on the issue description and the framework used, so identical issues will have the same result retrieved from the cache.

### Important Considerations

- **API Limits**: Depending on your OpenAI subscription, you may have limits on the number of requests. Using the cache can help minimize the number of API calls.
- **Performance**: Querying OpenAI can add some additional time to the analysis, especially for large codebases or complex issues. The caching system helps mitigate this for repeated runs.
- **Error Handling**: If an error occurs while querying OpenAI (e.g., invalid API key, connection issues), the tool will log the error and continue running without OpenAI insights.
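
The caching and error-handling behaviour described above, as an added example that is not AI_Sec's own code. The SHA-256 key derivation, the `InsightCache` class, the `query` callback and the choice not to cache failures are assumptions; the README states only that the key is based on the issue description and the framework, so two findings with the same description in different files share one cached answer.

```python
import hashlib
import json
import logging
import os
import tempfile
from pathlib import Path

log = logging.getLogger("insight_cache_example")


def cache_key(description: str, framework: str) -> str:
    # Assumption: SHA-256 over [framework, description]. File paths and
    # resource names are deliberately not part of the key.
    data = json.dumps([framework.lower(), description.strip()]).encode()
    return hashlib.sha256(data).hexdigest()


class InsightCache:
    """Hypothetical JSON-file cache for AI-generated insights."""

    def __init__(self, path):
        self.path = Path(path)
        try:
            loaded = json.loads(self.path.read_text())
        except (FileNotFoundError, json.JSONDecodeError):
            loaded = {}  # missing or corrupt cache: start empty
        self.entries = loaded if isinstance(loaded, dict) else {}

    def save(self) -> None:
        # Write to a temp file (mkstemp creates it owner-only) and rename it
        # into place, so a crash never leaves a half-written cache behind.
        self.path.parent.mkdir(parents=True, exist_ok=True)
        fd, tmp = tempfile.mkstemp(dir=self.path.parent)
        with os.fdopen(fd, "w") as fh:
            json.dump(self.entries, fh)
        os.replace(tmp, self.path)

    def insight(self, description, framework, query):
        """Return the cached insight, or call query() once and cache it."""
        key = cache_key(description, framework)
        if key in self.entries:
            return self.entries[key]
        try:
            result = query(description, framework)
        except Exception as exc:  # invalid API key, connection issues, ...
            log.error("insight lookup failed: %s", exc)
            return None  # continue without insights; failures are not cached
        self.entries[key] = result
        self.save()
        return result
```

Because a cached answer is reused for every later finding with the same description and framework, a wrong severity from one response persists until the cache file is deleted.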

## Commands

Here are some useful commands to interact with AI_Sec:

- `ai_sec run <path>`: Run the linters on the specified path and generate a report.
- `ai_sec export-config`: Export the default configuration.

## Changelog

For detailed information about changes in each version, see the [Changelog](CHANGELOG.md).

## Contact

If you encounter any issues or have any suggestions, please feel free to send them to dev@darrenrabbitt.com. Thank you for your support!

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "ai_sec",
    "maintainer": "Darren Rabbitt",
    "docs_url": null,
    "requires_python": "<4.0,>=3.10",
    "maintainer_email": "dev@darrenrabbitt.com",
    "keywords": null,
    "author": "Darren Rabbitt",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/15/19/668c2f674da6f4947a23ef78471b1db6004dc12fdead50ade0ee37143cdb/ai_sec-0.0.2.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "Linting, security scanning, and reporting on infrastructure code and Kubernetes config",
    "version": "0.0.2",
    "project_urls": null,
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "66f41b77cde237c2b354327273977a96d868c7fc165de151886c1530b19ae8c3",
                "md5": "a32d784ba3ad4021c6ca2bffe38d8d16",
                "sha256": "0e5514ba6bfe7c3d4d7ad2b941a70df583589fc578ed7173a19fd3dc19430ca7"
            },
            "downloads": -1,
            "filename": "ai_sec-0.0.2-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "a32d784ba3ad4021c6ca2bffe38d8d16",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": "<4.0,>=3.10",
            "size": 104110,
            "upload_time": "2024-10-28T21:25:49",
            "upload_time_iso_8601": "2024-10-28T21:25:49.071773Z",
            "url": "https://files.pythonhosted.org/packages/66/f4/1b77cde237c2b354327273977a96d868c7fc165de151886c1530b19ae8c3/ai_sec-0.0.2-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "1519668c2f674da6f4947a23ef78471b1db6004dc12fdead50ade0ee37143cdb",
                "md5": "284803c50992fdf9823d4cdf08e74369",
                "sha256": "48de60cfb225e687f4ead069a36f9aa050725c2a2776c01645f232711e5acdfb"
            },
            "downloads": -1,
            "filename": "ai_sec-0.0.2.tar.gz",
            "has_sig": false,
            "md5_digest": "284803c50992fdf9823d4cdf08e74369",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": "<4.0,>=3.10",
            "size": 93154,
            "upload_time": "2024-10-28T21:25:50",
            "upload_time_iso_8601": "2024-10-28T21:25:50.563353Z",
            "url": "https://files.pythonhosted.org/packages/15/19/668c2f674da6f4947a23ef78471b1db6004dc12fdead50ade0ee37143cdb/ai_sec-0.0.2.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-10-28 21:25:50",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "ai_sec"
}
        