Releases: RHEcosystemAppEng/sast-ai-workflow
Releases Β· RHEcosystemAppEng/sast-ai-workflow
v1.0.0
SAST-AI-Workflow v1.0.0 - Initial Release
Overview
We're excited to announce the first official release of SAST-AI-Workflow - an LLM-powered tool designed to intelligently analyze and validate static application security testing (SAST) findings. This release represents the culmination of extensive development focused on reducing false positives in vulnerability detection and providing AI-assisted security insights.
β¨ Major Features
π€ AI-Powered Vulnerability Analysis
- Multi-stage LLM Analysis Pipeline: Comprehensive evaluation workflow with Judge LLM and Critique Agent stages for accurate false positive detection
- NVIDIA AIQ Agent Toolkit Integration: Adopted NVIDIA's Agent Intelligence Toolkit (AIQ) with LangGraph-based workflow orchestration (#88, #72)
- Independent Critique Agent: Secondary analysis for enhanced decision validation (#11)
- Structured JSON Output: Strict JSON schema mode ensuring reliable, parseable LLM responses (#138)
π Enhanced Context & Reasoning
- Call Hierarchy Analysis: Extracts relevant source code by error trace for comprehensive context (#12)
- CWE Data Enrichment: Integrates Common Weakness Enumeration data for vulnerability classification (#14)
- Known False Positive Matching: Learns from verified false positives to improve detection accuracy (#10, #13, #67)
- Line-numbered Source Code: Provides precise code references for improved reasoning (#26)
- Automatic Macro Detection: Identifies and handles C preprocessor macros (#20)
π Flexible Input/Output Support
- SAST Report Readers: Supports HTML and SARIF report formats (#87, #122)
- SARIF Output: Generates standardized SARIF reports for integration with security tooling (#122)
- Google Sheets Integration: Read input and write results directly to Google Sheets (#23, #27)
- Excel Report Generation: Detailed Excel reports with confusion matrix and analysis results (#7)
π Evaluation & Metrics
- Confusion Matrix Calculation: Automated metrics for model performance evaluation (#3, #35)
- MLflow Dashboard Integration: Modular evaluation dashboard with node-specific converters (#121)
- Stratified Dataset Splitting: Ensures balanced evaluation across vulnerability types (#85)
- Timing & Token Metrics: Performance monitoring for LLM operations (#144)
π Enterprise Deployment
- Tekton CI/CD Pipeline: Complete pipeline for OpenShift deployment (#25, #53, #114)
- ArgoCD GitOps: Declarative deployment with ArgoCD application management (#70, #116)
- Container Images: Production-ready containers published to Quay.io (#22, #47)
- Dev/Prod Environment Separation: Distinct deployment configurations (#124)
- S3/MinIO Storage: MLOps storage integration for artifacts and datasets (#131, #134)
- DVC Data Management: Version control for datasets with PostgreSQL metadata (#115)
π§ Modular Architecture
- Refactored LLM Services: Single-responsibility services for maintainability (#68, #89)
- Configurable Pipeline: YAML-based configuration management (#8)
- HTTP Connection Pooling: Optimized embedding requests for performance (#113)
- Externalized Prompts: Template-based prompt management (#66)
ποΈ Architecture Highlights
- LangGraph Workflow: State machine-based agent orchestration
- Vector Store (FAISS): In-memory similarity search for known issues
- Sentence Transformers: HuggingFace embeddings (all-mpnet-base-v2)
- OpenAI-Compatible API: Supports various LLM backends including NVIDIA NIMs
π¦ What's Included
- Complete Python package with all dependencies
- Tekton pipeline definitions for OpenShift
- ArgoCD application manifests
- Docker/Podman container configurations
- Comprehensive documentation and setup guides
- Unit and integration test suite
π Contributors
Thanks to all contributors who made this release possible:
π Documentation
β οΈ Requirements
- Python 3.11+
- Access to OpenAI-compatible LLM API or NVIDIA NIM
- OpenShift cluster (for Tekton deployment)
- Optional: Google Cloud credentials for Sheets/Drive integration
Full Changelog: https://github.com/RHEcosystemAppEng/sast-ai-workflow/commits/v1.0.0
π¦ Container Images
This release includes the following container image published to Quay.io:
quay.io/ecosystem-appeng/sast-ai-workflow:1.0.0
π³ Usage
# Pull specific version for production
podman pull quay.io/ecosystem-appeng/sast-ai-workflow:1.0.0π Registry
View all versions: Quay.io Repository
Note: Production deployments should use this specific version tag.
π¦ Container Images
This release includes the following container image published to Quay.io:
quay.io/ecosystem-appeng/sast-ai-workflow:1.0.0
π³ Usage
# Pull specific version for production
podman pull quay.io/ecosystem-appeng/sast-ai-workflow:1.0.0π Registry
View all versions: Quay.io Repository
Note: Production deployments should use this specific version tag.
π¦ Container Images
This release includes the following container image published to Quay.io:
quay.io/ecosystem-appeng/sast-ai-workflow:1.0.0
π³ Usage
# Pull specific version for production
podman pull quay.io/ecosystem-appeng/sast-ai-workflow:1.0.0π Registry
View all versions: Quay.io Repository
Note: Production deployments should use this specific version tag.
Contributors
JudeNiroshan, Yael-F, and 5 other contributors