# PRIscope: PR Inspector for Security Concerns and Open-source Protection
PRIscope is a Python-based tool designed to analyze the history of code changes in open-source repositories, primarily to address software supply chain risks. It helps identify potential security risks or malicious code modifications by examining merged pull requests with AI-powered code analysis.
<img src="_assets/sample.png" alt="example" width="800"/>
## Features
- Fetches and analyzes the most recent merged pull requests from a specified GitHub repository.
- Utilizes Ollama, a local AI model server, for intelligent code analysis.
- Provides a concise summary of potential security risks for each analyzed pull request.
- Generates an optional JSON report with detailed findings.
- Can be run as a standalone Python script or within a Docker container.
## Prerequisites
- Python 3.9 or higher
- [Ollama](https://ollama.com/) installed and running locally via `ollama serve`
- The `mistral-small` model loaded in Ollama (recommended for its code analysis capabilities)
- Docker (optional, for containerized usage)
## Installation
1. Clone the repository:
```
git clone https://github.com/yourusername/priscope.git
cd priscope
```
2. Install the required Python packages:
```
pip install -r requirements.txt
```
3. Ensure Ollama is installed and running with the `mistral-small` or similar model:
```
ollama run mistral-small
```
## Configuration
Edit the `config.json` file to set your preferences, such as the `model_name` of the Ollama model used for analysis.
## Usage
### Running as a Python Script
To analyze a GitHub repository:
```
python priscope.py https://github.com/owner/repo [-n NUMBER | -s SINCE] [-j]
```
- Replace `https://github.com/owner/repo` with the target repository URL.
- `-n NUMBER` specifies the number of recent PRs to analyze (default is 10).
- `-s SINCE` analyzes PRs merged since this time (format: 2d, 3w, 1m for days, weeks, months).
- `-j` generates a JSON report (optional).
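As an added illustration of how the `-n NUMBER` / `-s SINCE` selection described above can be applied to merged PRs, here is example code written for this README; it is not PRIscope's own implementation. The `merged_at` field follows the shape of GitHub's pulls API, and treating `1m` as 30 days is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample PR records (not real PRs), keeping only the fields
# this example needs. `merged_at` is None for a PR that was closed unmerged.
SAMPLE_PRS = [
    {"number": 42, "merged_at": "2024-10-15T12:00:00Z"},
    {"number": 41, "merged_at": "2024-10-01T09:30:00Z"},
    {"number": 40, "merged_at": None},
    {"number": 39, "merged_at": "2024-09-10T18:45:00Z"},
]

# Assumption: a SINCE month is counted as 30 days.
_UNIT_DAYS = {"d": 1, "w": 7, "m": 30}


def parse_since(spec: str, now: datetime) -> datetime:
    """Turn a SINCE spec such as '2d', '3w' or '1m' into a UTC cutoff time."""
    match = re.fullmatch(r"(\d+)([dwm])", spec.strip().lower())
    if not match:
        raise ValueError(f"bad SINCE value {spec!r}; expected e.g. 2d, 3w, 1m")
    count, unit = int(match.group(1)), match.group(2)
    return now - timedelta(days=count * _UNIT_DAYS[unit])


def select_merged_prs(prs, number=None, since=None, now=None):
    """Return merged PRs newest first, limited by -n NUMBER or -s SINCE (not both)."""
    if (number is None) == (since is None):
        raise ValueError("exactly one of number (-n) or since (-s) must be given")
    now = now or datetime.now(timezone.utc)
    merged = []
    for pr in prs:
        if pr.get("merged_at") is None:
            continue  # unmerged PRs never landed on the default branch
        merged_at = datetime.fromisoformat(pr["merged_at"].replace("Z", "+00:00"))
        merged.append((merged_at, pr))
    merged.sort(key=lambda item: item[0], reverse=True)
    if since is not None:
        cutoff = parse_since(since, now)
        return [pr for merged_at, pr in merged if merged_at >= cutoff]
    return [pr for _, pr in merged[:number]]


if __name__ == "__main__":
    fixed_now = datetime(2024, 10, 16, tzinfo=timezone.utc)
    for pr in select_merged_prs(SAMPLE_PRS, since="3w", now=fixed_now):
        print(f"PR #{pr['number']} merged at {pr['merged_at']}")
```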
### Running with Docker
PRIscope can also be run in a Docker container for enhanced security and isolation. This method runs the script in a controlled environment whose filesystem is read-only, with only the mounted output directory writable.
1. Build the Docker image:
```
docker build -t priscope .
```
2. Run the container:
```
docker run --rm -v "$(pwd)":/app/output:rw --read-only -u "$(id -u):$(id -g)" priscope https://github.com/owner/repo -n 5 -j
```
This command does the following:
- Mounts the current directory to `/app/output` in the container so the report can be written there.
- Sets the container's root filesystem to read-only (`--read-only`) for security; only the mounted output directory remains writable.
- Runs the container as the current user (`-u`) so the report file is owned by you rather than root.
## Output
PRIscope provides a color-coded console output for each analyzed PR:
- Green: No issues identified
- Red: Potential security risk detected
If the JSON report option is used, a detailed report will be generated in the current directory (or `/app/output` when using Docker).
## Why Mistral-Small?
I recommend using the `mistral-small` model with Ollama for two reasons:
1. It demonstrates strong capabilities in code analysis and understanding.
2. It offers a good balance between performance and resource requirements.
However, you can experiment with other models by changing the `model_name` in the `config.json` file.
## Contributing
Contributions to PRIscope are welcome! Please feel free to submit pull requests, report bugs, or suggest features.
## Disclaimer
PRIscope is a tool designed to assist in identifying potential security risks, but it should not be considered a comprehensive security solution. Always perform thorough code reviews and use additional security measures in your development process.