ai threat modeling
v1.1.5
?您可以使用此脚本来生成AI特色内容,以进行威胁建模和安全审查。
配x 这是实验项目
git clone [email protected]:xvnpw/ai-threat-modeling.git
cd ai-threat-modeling
pip install -r requirements.txt使用环境变量设置API键。没有API密钥,您将无法使用选定的提供商:
# OpenAI API key
# Optional. Only if want to use openai provider
# Get a key from https://platform.openai.com/account/api-keys
OPENAI_API_KEY
# Open Router API key
# Optional. Only if want to use openrouter provider
# Get a key from https://openrouter.ai/keys
OPENROUTER_API_KEY
$ python ai-tm.py --help
usage: ai-tm.py [-h] [--provider {openai,openrouter}] [--inputs [INPUTS]] [--output [OUTPUT]] [-ai [ARCHITECTURE_INPUTS]] [-atmi [ARCHITECTURE_THREAT_MODEL_INPUT]] [--model MODEL]
[--temperature TEMPERATURE] [-v VERBOSE] [-d DEBUG] [-usos USER_STORY_OUTPUT_SUFFIX] [-t TEMPLATE_DIR] [--review REVIEW] [--create-draft CREATE_DRAFT]
{project,architecture,user-story}
AI featured threat modeling and security review
positional arguments:
{project,architecture,user-story}
type of feature
options:
-h , --help show this help message and exit
--provider {openai,openrouter}
provider of LLM API, default: openai
--inputs [INPUTS] file path or json array of paths to input files (depends on feature)
--output [OUTPUT] path to output file
-a i [ARCHITECTURE_INPUTS], --architecture-inputs [ARCHITECTURE_INPUTS]
for user-story only: json array of paths to architecture files
-a tmi [ARCHITECTURE_THREAT_MODEL_INPUT], --architecture-threat-model-input [ARCHITECTURE_THREAT_MODEL_INPUT]
for user-story only: path to architecture threat model file
--model MODEL type of ChatGPT model, default: gpt-4
--temperature TEMPERATURE
sampling temperature for a model, default 0.2
-v, --verbose turn on verbose messages, default: false
-d , --debug turn on debug messages, default: false
-u sos USER_STORY_OUTPUT_SUFFIX, --user-story-output-suffix USER_STORY_OUTPUT_SUFFIX
for user-story only: suffix that will be added to input file name to create output file, default: _SECURITY
-t TEMPLATE_DIR, --template-dir TEMPLATE_DIR
path to template dir, default: ./templates
--review review input files using LLM, default: false
--create-draft create draft of input (e.g. architecture) based on files (e.g. README.md,controllers.go,swagger.yaml), default: false
Experimental. Use on your own risk$ python ai-tm.py architecture --review --inputs < path_to_project > /ARCHITECTURE.md --output ARCHITECTURE_REVIEW.md --verbose
INFO:root:review of architecture started...
INFO:root:finished waiting on llm response
INFO:root:response written to file该项目使用OpenAI API。默认情况下,根据API数据使用策略,您的数据不会用于学习:
OpenAI不会使用客户通过我们的API提交的数据来培训或改进我们的模型,除非您明确决定与我们共享您的数据。您可以选择加入数据。
OpenRouter在每个模型的设置中描述隐私和过滤。
