Releases · NVIDIA-AI-Blueprints/vulnerability-analysis

02 Dec 22:51

efajardo-nv

2.1.0

a5206c9

2.1.0 Latest

Latest

What's Changed

Notable Features and Improvements

Update workflow to allow disabling the vulnerability dependency checker by @shawn-davis in #109
Add max_retries option to cve_fetch_intel by @efajardo-nv in #113
Add request_timeout option to cve_fetch_intel by @efajardo-nv in #114
Add intel_source_timeout config to cve_fetch_intel function by @ashsong-nv in #118
added automatic retries to configs by @katherineh123 in #119
Evaluation by @katherineh123 in #122
Add missing_source_action configuration and handling by @ashsong-nv in #126
Majority Voting via Test Time Compute by @shawn-davis in #139
Update to NAT 1.3.1 by @efajardo-nv in #149
Global llm_max_rate for cve_agent workflow by @efajardo-nv in #152
Enable default_llm configuration by @ashsong-nv in #156

Bug Fixes

Change data model to match new Ubuntu API to remove validation error by @katherineh123 in #134

Breaking Changes

migrating to nat 1.2.0 by @katherineh123 in #121
- Updates to NeMo Agent Toolkit 1.2.0 which renames aiqtoolkit dependency to nvidia-nat, and renames aiq CLI to nat. See migration guide for more info, and see NAT v1.2.0 release notes for a full list of breaking changes.
Update to latest nvidia-nat 1.3 by @efajardo-nv in #131
- Updates to NeMo Agent Toolkit 1.3 which introduces several breaking changes for users directly modifying the blueprint using NAT. Notably, it converts several get_* functions to async. See NAT v1.3.0 release notes for a full list of breaking changes.
Update to NAT 1.3.1 by @efajardo-nv in #149
- Updates to NeMo Agent Toolkit 1.3.1 which adds support for the --dask_workers option in the nat serve command. When using the /generate/async endpoint, you can now use --dask_workers=threads to configure the Dask scheduler to use threaded workers instead of process-based workers, allowing print statements and logging from your workflow to appear directly in the server logs. For more information about available flags for the nat serve command, refer to the NeMo Agent Toolkit API Server documentation.
Global llm_max_rate for cve_agent workflow by @efajardo-nv in #152
- The max_concurrency parameter in the cve_agent function is now deprecated and will be removed in a future version. Please use llm_max_rate (requests per second) instead for better rate limiting control. If both parameters are specified, llm_max_rate takes precedence. For backward compatibility, max_concurrency is currently treated as llm_max_rate (requests/second) when specified, but will display a deprecation warning. Update your configurations to use llm_max_rate to avoid warnings and ensure future compatibility.

Other Changes

Update to aiqtoolkit 1.2 pre-release for async endpoint by @efajardo-nv in #106
Merge main into develop by @ashsong-nv in #108
Updated brev launchable and deploy notebook language by @katherineh123 in #116
Add OS requirements section to README by @katherineh123 in #117
Update nat dependency to rc8 and up by @katherineh123 in #120
Add Roadmap section to README by @ashsong-nv in #127
Merge main branch into develop by @ashsong-nv in #128
Update completed items on roadmap by @ashsong-nv in #129
Update missing_source_action option for backwards compatibility by @efajardo-nv in #132
nvidia api key readme update by @katherineh123 in #135
Update nvidia-nat version specifier by @efajardo-nv in #141
Document LLM retry options in README by @efajardo-nv in #140
Add NAT 1.3 async endpoints support by @efajardo-nv in #143
Emphasize troubleshooting section of the README by @ashsong-nv in #146
Mac readme update by @katherineh123 in #145
Update default timeout and retries for intel fetching by @efajardo-nv in #147
Remove broken image link from README by @efajardo-nv in #150
Add max concurrency config option to checklist, summarize and justify by @efajardo-nv in #148
Added a max_concurrency parameter to the ttc workflow by @shawn-davis in #151
README updates by @shawn-davis in #154
Improvements to NAT error truncation, auth error logging, and API error logging by @efajardo-nv in #155
Clarify custom evaluators in README by @katherineh123 in #153
Improvements to README and TTC logging by @ashsong-nv in #158
feat: make 1_Deploy_CVE.ipynb auto executable by @ryanzhang1230 in #144
Update dependencies for security compliance by @efajardo-nv in #159
Update vuln_analysis version for docker build/compose by @efajardo-nv in #160
Fix syft install command in sboms readme by @efajardo-nv in #164
Update README mac support and workarounds sections by @ashsong-nv in #165
Improve TTC output documentation by @ashsong-nv in #166
Update functions to log exceptions by @efajardo-nv in #168

New Contributors

@katherineh123 made their first contribution in #116
@ryanzhang1230 made their first contribution in #144

Full Changelog: 2.0.1...2.1.0

Contributors

shawn-davis, efajardo-nv, and 3 other contributors

Assets 2

21 Jul 17:49

ashsong-nv

2.0.1

569efa4

2.0.1

What's Changed

Switch to NVD configurations for vendor intel by @shawn-davis in #101
Clean up after removing cvedetails intel by @ashsong-nv in #102
Updates to deploy notebooks by @efajardo-nv in #97
Code reorg and renaming to ease migration by @efajardo-nv in #98
Fix /generate endpoint documentation in README by @ashsong-nv in #107

Full Changelog: 2.0.0...2.0.1

Contributors

shawn-davis, efajardo-nv, and ashsong-nv

Assets 2

30 Jun 23:13

efajardo-nv

2.0.0

6942202

2.0.0

Major Updates

Migrated from Morpheus SDK to NeMo Agent Toolkit
Migrated from conda to uv for dependency management
Migrated from async /scan endpoint to synchronous /generate endpoint

Key Features

Added improved full-text lexical search tool with higher accuracy
Enable using either or both semantic and lexical search tools via tool config update
Added Phoenix tracing
Added VS Code workspace configuration and pyproject.toml files for standardized development and debug configurations

What's Changed

Improve docker login command in README by @ashsong-nv in #4
Add /deploy directory with brev.dev launchable notebook by @aadesoba-nv in #5
Update Dockerfile to work within git submodules by @ashsong-nv in #13
fix: encode package in deps check by @ruromero in #6
chore: rename workspace_examples folder by @ruromero in #7
Exclude manual SBOM info from markdown report by @ashsong-nv in #17
Migrate default LLM to meta/llama-3.1-70b-instruct by @ashsong-nv in #19
feat: add id and timestamps to output file by @ruromero in #8
Update mamba env update command in Dockerfile by @efajardo-nv in #23
Fix docker volume rm command in README by @ashsong-nv in #25
Add CVE intel to markdown report by @AjayThorve in #20
feat: replace Docker references by generic OCI by @ruromero in #12
made branding name changes like NVAIE and NVIDIA (NIM) per PMM by @lihoang6 in #33
feat!: replace git tag with git ref to allow any commit ref by @ruromero in #11
updating deploy notebooks for hardware requirement by @aadesoba-nv in #30
feat: add http output stage by @ruromero in #31
Changed deploy notebook header by @aadesoba-nv in #35
fix: escape backslashes in intel descriptions by @ruromero in #37
fix: ensure agent checks for vulnerable functions/methods if mentioned in CVE by @IlonaShishov in #38
Fix openai validation error by @ashsong-nv in #41
Fea custom prompt config by @shawn-davis in #42
Fix checklist prompt syntax error by @ashsong-nv in #45
Adding Updated CVE Customization Notebook by @aadesoba-nv in #39
fix: add ES module support to JavaScript parser by @vbelouso in #49
fix: parsing bug of checklist containing square brackets in its content by @zvigrinberg in #51
Merge customize-notebook branch into main by @aadesoba-nv in #54
Write newline after each scan result in write_pydantic_to_file by @efajardo-nv in #58
Upgrade langchain dependencies to 0.3 by @ashsong-nv in #48
Add health check endpoints to http server by @efajardo-nv in #61
Update CR year by @ashsong-nv in #66
Deficient intel filtering by @shawn-davis in #57
Fix pipeline crash when there are no documents for embedding by @ashsong-nv in #67
Updated top_p by @shawn-davis in #70
Fixed input-manual CLI modifications to config by @shawn-davis in #71
Replace ref with absolute git commit in output source_info by @efajardo-nv in #72
Add utility function to get Git repo from path by @efajardo-nv in #75
Handle invalid Git repo errors by @efajardo-nv in #76
fix: fixed everlasting 404 response codes from nvd via nginx by @zvigrinberg in #73
feat: do not retry for client exceptions by @ruromero in #36
Docker compose port updates by @shawn-davis in #81
Change VulnerableDependencyChecker justification label to false_positive by @ashsong-nv in #82
Add max_concurrency config option for agent llm calls by @ashsong-nv in #79
Return scan ID in HTTP server 201 response by @ashsong-nv in #83
Require docker build step in README and deploy notebook by @ashsong-nv in #84
Update 1_Deploy_CVE.ipynb by @nic-nvidia in #86
Adds 'sbom_file_path' to CLI inputs by @shawn-davis in #89
Enable parsing SBOM from HTTP input by @ashsong-nv in #85
Avoid using stale cache records when updating by @ashsong-nv in #90
Improve SBOM documentation by @ashsong-nv in #91
Add citation to reference paper. by @tzemicheal in #92
Fix json.load() error in launchable when there are multiple results by @ashsong-nv in #93
Fix executing into directory error in 1_Deploy_CVE.ipynb by @aadesoba-nv in #94
Merge branch-2.0.0 branch into main by @efajardo-nv in #95
Update SBOM URLs in README by @efajardo-nv in #96