Description

The product security team reviews all rpm scriptlets to spot security issues. Over the years we have assigned a number of CVEs to issues found this way, most of them allowing privilege escalation from a service user to root. We also try to train packagers, but such mistakes will keep happening, and the manual review is not the most fun job in the world. So we want to automate it.

Goals

  • Automate the review of the scriptlets in our rpm packages
  • Evaluate whether it is reliable enough to go into production, either as a first line of defense or, preferably, as a replacement for the manual review. That means false positives are annoying, but false negatives are not acceptable (at least not at a rate above that of a human reviewer).
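As an added illustration of what a "first line of defense" for the goals above could look like (this is example code, not part of the Hack Week project), the following Python script parses `rpm -q --scripts` output into its scriptlets and flags the operations that most often turn into service-user-to-root escalations when rpm runs them as root. The rules, the list of service-writable directories and the sample package output are all constructed for this example; the point is that a deterministic checker like this gives a baseline against which the false-positive and false-negative rates of an LLM reviewer can be measured.

```python
"""Heuristic first-pass review of rpm scriptlets (example code).

Parses the output of `rpm -q --scripts <pkg>` and flags operations that
commonly let a service user escalate to root when rpm executes them as
root at install time. Rules and sample data are assumptions for this
example, not the project's own checks.
"""
import re

# Directories commonly writable by the service user when the scriptlet
# runs (assumed list for this example).
SERVICE_WRITABLE_PREFIXES = ("/var/lib/", "/var/log/", "/var/cache/",
                             "/var/tmp/", "/tmp/", "/run/", "/srv/", "/home/")

# Constructed heuristics: (rule id, pattern, explanation for the reviewer).
FLAGS = r"(?:-\S+\s+)*"  # optional command flags before the interesting argument
RULES = [
    ("recursive-chown",
     re.compile(r"\bchown\s+" + FLAGS + r"(?:-[a-zA-Z]*R[a-zA-Z]*|--recursive)\b"),
     "recursive chown: a symlink planted by the service user can redirect it to root-owned files"),
    ("recursive-chmod",
     re.compile(r"\bchmod\s+" + FLAGS + r"(?:-[a-zA-Z]*R[a-zA-Z]*|--recursive)\b"),
     "recursive chmod: same symlink/hardlink race as recursive chown"),
    ("setuid-bit",
     re.compile(r"\bchmod\s+" + FLAGS + r"(?:[ugoa]*\+s|[4-7][0-7]{3})\b"),
     "chmod sets a setuid/setgid bit"),
    ("world-writable",
     re.compile(r"\bchmod\s+" + FLAGS + r"(?:[ugoa]*o\+w|a\+w|[0-7]?[0-7]{2}[2367])\b"),
     "chmod makes a path world-writable"),
    ("rm-rf-variable",
     re.compile(r"\brm\s+-[a-zA-Z]*[rR][a-zA-Z]*\s+.*\$"),
     "recursive rm with a shell variable in the path"),
]

# Header lines as printed by `rpm -q --scripts`, e.g.
#   "postinstall scriptlet (using /bin/sh):"  or  "postuninstall program: /sbin/ldconfig"
HEADER_RE = re.compile(r"^(\w+) (?:scriptlet \(using (.+)\):|program: (.+))$")


def parse_scriptlets(text):
    """Split `rpm -q --scripts` output into {scriptlet name: body}."""
    sections, current = {}, None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            current = m.group(1)
            # A "program:" header carries its single command on the header line itself.
            sections[current] = [m.group(3)] if m.group(3) else []
            continue
        if current is not None:
            sections[current].append(raw)
    return {name: "\n".join(lines).strip() for name, lines in sections.items()}


def _targets(code):
    """Absolute paths mentioned on a scriptlet line (crude tokenisation)."""
    return [tok for tok in code.split() if tok.startswith("/")]


def _severity(rule_id, code):
    """Recursive operations are only high severity when they touch a service-writable tree."""
    if rule_id.startswith("recursive-"):
        hits = [t for t in _targets(code) if t.startswith(SERVICE_WRITABLE_PREFIXES)]
        return "high" if hits else "medium"
    return "high" if rule_id in ("setuid-bit", "world-writable") else "medium"


def scan_scriptlets(text):
    """Return a list of findings, one per (scriptlet line, rule) match."""
    findings = []
    for name, body in parse_scriptlets(text).items():
        for lineno, line in enumerate(body.splitlines(), 1):
            code = line.split("#", 1)[0]  # drop trailing shell comments (approximation)
            for rule_id, pattern, message in RULES:
                if pattern.search(code):
                    findings.append({"scriptlet": name, "line": lineno, "rule": rule_id,
                                     "severity": _severity(rule_id, code),
                                     "text": line.strip(), "message": message})
    return findings


# Constructed sample: what `rpm -q --scripts` might print for a hypothetical package.
SAMPLE = """\
preinstall scriptlet (using /bin/sh):
getent group exampled >/dev/null || groupadd -r exampled
getent passwd exampled >/dev/null || useradd -r -g exampled -d /var/lib/exampled -s /sbin/nologin exampled
postinstall scriptlet (using /bin/sh):
# fix up ownership of data left behind by older versions
chown -R exampled:exampled /var/lib/exampled
chmod 0750 /var/lib/exampled
chmod u+s /usr/bin/exampled-helper
postuninstall program: /sbin/ldconfig
"""

if __name__ == "__main__":
    for f in scan_scriptlets(SAMPLE):
        print(f"{f['severity']:6} {f['scriptlet']}:{f['line']} [{f['rule']}] {f['text']}  ({f['message']})")
```

In production the input would come from `rpm -qp --scripts <file.rpm>` over a whole repository, and every finding an LLM reviewer misses that this checker (or a human) catches is a false negative to count against it. The severity split on `recursive-chown` shows the trade-off the goals describe: flagging every recursive chown is noisy, while only flagging the ones under service-writable trees risks missing cases where the path list is incomplete.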

Resources

I tried it with Gemini before, but Gemini isn't up for the task. Claude works much better, but is not available. Currently testing local LLMs on orthos machines.


This project is part of:

Hack Week 25

Activity

  • about 12 hours ago: jsegitz originated this project.
