HAIstings is an AI-powered companion designed to help you assess and prioritize Common Vulnerabilities and Exposures (CVEs) within your Kubernetes infrastructure. Drawing inspiration from Agatha Christie's legendary character Arthur Hastings, the crime-solving partner of Hercule Poirot, HAIstings partners with you to ensure robust security measures in your Kubernetes environments.
HAIstings analyzes vulnerability reports from tools like trivy-operator, generates prioritized reports, and engages in an interactive conversation to refine its recommendations based on your specific context and requirements.
- Vulnerability Prioritization: Automatically prioritizes vulnerabilities based on severity, impact, and context
- Interactive Refinement: Engages in a conversation to gather more context and refine prioritization
- Infrastructure Context: Ingests infrastructure repository information to provide more relevant recommendations
- Persistent Memory: Maintains conversation history across sessions using checkpoints
- Customizable Output: Adjusts recommendations based on user-provided context
- Retrieval-Augmented Generation (RAG): Selectively includes only relevant infrastructure files in the context, reducing overall context size and improving performance
- Python 3.12
- Kubernetes cluster with trivy-operator installed
- Properly configured kubeconfig file
# Clone the repository
git clone https://github.com/stacklok/HAIstings.git
cd HAIstings
# Install dependencies
poetry installpip install haistingsGenerate a vulnerability report showing the top 25 most critical vulnerabilities:
haistingsSpecify the number of vulnerabilities to show:
haistings --top 30Provide additional context to improve prioritization:
haistings --notes usercontext.txtWhere usercontext.txt contains information about your infrastructure, such as:
example-service is a very critical service that is internet-facing. We should assign more priority to it.
Flux is critical to our infrastructure, so if it has a vulnerability on anything related to how it processes git requests, then we should assign it very high priority.
Provide your infrastructure repository for additional context:
haistings --infra-repo https://github.com/yourusername/infra-repo --gh-token YOUR_GITHUB_TOKENFor a specific subdirectory:
haistings --infra-repo https://github.com/yourusername/infra-repo --infra-repo-subdir kubernetes --gh-token YOUR_GITHUB_TOKENControl the Retrieval-Augmented Generation functionality:
# Disable RAG (use traditional approach)
haistings --use-vectordb false
# Specify maximum number of relevant files per component
haistings --max-relevant-files 10Use SQLite to persist conversation history:
haistings --checkpoint-saver-driver sqlitehaistings --top 30 --notes usercontext.txt --infra-repo https://github.com/yourusername/infra-repo --max-relevant-files 8 --checkpoint-saver-driver sqlite- Vulnerability Collection: HAIstings connects to your Kubernetes cluster and collects vulnerability reports from trivy-operator.
- Prioritization: Vulnerabilities are prioritized based on severity (critical vulnerabilities are weighted 10x more than high vulnerabilities).
- Repository Ingestion: Infrastructure repository files are ingested and stored in a vector database for efficient retrieval.
- Relevant File Retrieval: Using RAG (Retrieval-Augmented Generation), only the most relevant files for each vulnerability are retrieved based on similarity search.
- Context Integration: User-provided context and relevant infrastructure files are integrated into the analysis.
- Report Generation: A prioritized report is generated in a conversational style inspired by Arthur Hastings.
- Interactive Refinement: HAIstings engages in a conversation to gather more context and refine its recommendations.
| Option | Description | Default |
|---|---|---|
--top |
Number of vulnerabilities to show | 25 |
--notes |
Path to a file containing additional context | None |
--infra-repo |
URL to your infrastructure repository | None |
--infra-repo-subdir |
Subdirectory in the repository to ingest | None |
--gh-token |
GitHub Personal Access Token for private repositories | None |
--checkpoint-saver-driver |
Memory persistence driver (memory or sqlite) |
memory |
--use-vectordb |
Use vector database for repository ingestion | true |
--max-relevant-files |
Maximum number of relevant files per component | 5 |
--debug |
Enable debug mode | False |
--model |
LLM model to use (when not using CodeGate) | this-makes-no-difference-to-codegate |
--model-provider |
Model provider | openai |
--api-key |
API key for the model provider (when not using CodeGate) | fake-api-key |
--base-url |
Base URL for the model provider | http://127.0.0.1:8989/v1/mux |
# HAIsting's Security Report
## Introduction
Good day! Arthur Hastings at your service. I've meticulously examined the vulnerability reports from your Kubernetes infrastructure and prepared a prioritized assessment of the security concerns that require your immediate attention.
## Summary
After careful analysis, I've identified several critical vulnerabilities that demand prompt remediation:
1. **example-service (internet-facing service)**
- Critical vulnerabilities: 3
- High vulnerabilities: 7
- Most concerning: CVE-2023-1234 (Remote code execution)
This service is particularly concerning due to its internet-facing nature, as mentioned in your notes. I recommend addressing these vulnerabilities with the utmost urgency.
2. **Flux (GitOps controller)**
- Critical vulnerabilities: 2
- High vulnerabilities: 5
- Most concerning: CVE-2023-5678 (Git request processing vulnerability)
As you've noted, Flux is critical to your infrastructure, and this Git request processing vulnerability aligns with your specific concerns.
[Additional entries...]
## Conclusion
I say, these vulnerabilities require prompt attention, particularly the ones affecting your internet-facing services and deployment controllers. I recommend addressing the critical vulnerabilities in example-service and Flux as your top priorities. Should you require any further assistance or have additional context to share, I remain at your service.# Clone the repository
git clone https://github.com/stacklok/HAIstings.git
cd HAIstings
# Install dependencies including development dependencies
poetry install
# Run tests
poetry run pytestThis project uses:
- Black for code formatting
- isort for import sorting
- mypy for type checking
- flake8 for linting
# Format code
poetry run black .
poetry run isort .
# Type check
poetry run mypy .
# Lint
poetry run flake8- Custom Vulnerability Scoring: Add support for custom vulnerability scoring based on user-defined criteria beyond just severity.
- Integration with More Scanners: Extend beyond trivy-operator to support other vulnerability scanners.
- Visualization Dashboard: Create a web interface to visualize vulnerability reports and trends over time.
- Automated Remediation Suggestions: Provide specific remediation steps for common vulnerabilities.
- Multi-Cluster Support: Add support for analyzing vulnerabilities across multiple Kubernetes clusters.
Apache-2.0