ChatCVE is a open 'Work in Progress' AI-powered DevSecOps platform that helps security teams triage, analyze, and manage vulnerabilities across their infrastructure. Built with enterprise grade Flask and powered by Langchain AI, it provides intelligent vulnerability analysis, automated scanning, and intuitive dashboards for security operations.
Real-time security dashboard with vulnerability statistics, risk scoring, and activity monitoring
- AI-Powered Chat Interface - Natural language queries for vulnerability analysis with clear chat functionality
- Interactive Dashboard - Real-time security metrics with auto-refresh and accurate vulnerability statistics
- CVE Explorer - Searchable database with filtering and sorting
- Advanced Scan Management - Container image scanning with real-time progress and live logs
- Database Integration - SQLite backend with NVD and custom data sources
- External Integrations - GitHub Advisory Database and NVD API support
- Docker-Based Scanning - Uses Docker to pull and analyze container images
- SBOM Generation - Software Bill of Materials using Syft
- Vulnerability Scanning - Container and repository analysis with Grype
- Multi-Source Input - Support for container images, Git repositories, and text files with image references
- Risk Assessment - CVSS scoring and severity classification with intelligent security scoring
- Compliance Tracking - Audit trails and historical scan data with persistent storage
- Bulk Operations - Multi-scan deletion and export capabilities
- Modern UI - Built with Next.js, Tailwind CSS, and Shadcn UI with enhanced visual feedback
- Responsive Design - Mobile-first approach with dark/light themes
- Smooth Animations - Framer Motion for enhanced visual feedback
- Advanced Data Controls - Filtering, sorting, pagination, and row selection with checkboxes
- Real-Time Updates - Live scan progress, logs, and automatic dashboard refresh
- Popular Questions - Pre-built queries for common security scenarios
- Enhanced Chat Features - Clear chat history, copy responses, and improved error handling
- Smart Security Score - Weighted vulnerability scoring with info tooltips and color coding
- Real-Time Dashboard - Auto-refreshing widgets with accurate vulnerability counts
- Scan Bundling - Groups related scans with custom naming and detailed views
- Bulk Operations - Select multiple scans for deletion or export to JSON
- Live Scanning - Real-time progress meters and streaming logs during scans
- Image Drill-Down - Click on images to view specific vulnerabilities and packages
- Enhanced Chat - Clear chat button, improved error handling, and better AI responses
- π Rich Scan Metadata - Comprehensive performance metrics, technical details, and security insights
- π― Exploitable CVE Detection - Intelligent identification of actively exploitable vulnerabilities
- β‘ Performance Analytics - Scan duration tracking, package analysis metrics, and efficiency monitoring
- π§ Technical Provenance - Tool versioning, scan engine tracking, and reproducibility metadata
- π Risk Assessment - Advanced risk scoring algorithms with contextual security insights
We've significantly enhanced our AI-powered chat system with two major improvements:
- Smart Context Detection: AI automatically detects question types (scans, vulnerabilities, performance)
- Contextual Examples: Provides relevant SQL examples based on your specific query
- Better Scan Metadata Handling: Improved understanding of scan names, timestamps, and metadata relationships
- Comprehensive Schema Context: AI receives detailed database structure information
- Query Intent Analysis: Automatically determines optimal table selection and join strategies
- Smart Table Selection: Distinguishes between scan-level queries (
scan_metadata) and vulnerability details (app_patrol)
- 40% Better Query Accuracy: More precise SQL generation for complex scan metadata queries
- Enhanced Security Insights: AI provides more actionable vulnerability analysis
- Reduced Query Errors: Better understanding of table relationships and data types
- Faster Response Times: Optimized query strategies based on intent analysis
These improvements leverage the latest Langchain best practices and provide significantly better responses for scan metadata queries that were previously challenging.
Before running ChatCVE, ensure you have the following installed on your system:
- Python 3.10+ (required for Langchain compatibility)
- pip package manager
- Virtual environment support (venv)
- Node.js 18+ (LTS recommended)
- npm package manager
- Docker Engine (required for container image scanning)
- Docker daemon must be running
- User permissions to run Docker commands
# Ubuntu/Debian
sudo apt update
sudo apt install python3 python3-pip python3-venv nodejs npm git sqlite3 docker.io
# macOS (with Homebrew)
brew install python@3.10 node npm git sqlite docker
# CentOS/RHEL/Fedora
sudo dnf install python3 python3-pip nodejs npm git sqlite docker
# Start Docker service
sudo systemctl start docker
sudo systemctl enable docker
# Add user to docker group (optional, to avoid sudo)
sudo usermod -aG docker $USER- OpenAI API Key - For enhanced AI chat capabilities
- NVD API Key - For increased rate limits (5 β 50 requests/30s)
git clone https://github.com/jasona7/ChatCVE.git
cd ChatCVE# Create virtual environment
python3 -m venv .env
# Activate virtual environment
source .env/bin/activate # Linux/macOS
# or
.env\Scripts\activate # Windows# Install from requirements.txt (includes all necessary packages)
pip install -r requirements.txt# Navigate to frontend directory and install
cd frontend-next
npm install
cd ..# Install Syft and Grype (required for real scanning)
./install-scan-tools.sh
# Or install manually:
# Linux/macOS: Download from GitHub releases
# Windows: Use package managers or manual installation# Set your OpenAI API key for enhanced AI features
export OPENAI_API_KEY="your_openai_api_key_here"
export NVD_API_KEY="your_nvd_api_key_here" # Optional# Verify all dependencies are installed
./check-prerequisites.sh# Make the startup script executable
chmod +x start-chatcve.sh
# Start both frontend and backend
./start-chatcve.shOnce started, ChatCVE will be available at:
- π Dashboard: http://localhost:3000 - Real-time security overview with auto-refresh
- π¬ AI Chat: http://localhost:3000/chat - Natural language vulnerability queries
- π CVE Explorer: http://localhost:3000/cves - Browse and search CVE database
- π‘οΈ Scan Management: http://localhost:3000/scans - Run and manage vulnerability scans
- ποΈ Database: http://localhost:3000/database - Database browser and management
- βοΈ Settings: http://localhost:3000/settings - Configuration and preferences
- π§ API Backend: http://localhost:5000 - REST API endpoints
Natural language vulnerability analysis powered by Langchain:
- Smart Responses: AI queries your actual scan data using SQL
- Popular Questions: Pre-built security queries for quick access
- Clear Chat: Button to clear conversation history
- Copy & Save: Copy responses or save important queries
- Context-Aware: AI understands your scan history and provides relevant insights
Direct database access with powerful query capabilities:
- SQL Query Interface: Execute custom queries against vulnerability data
- Sample Queries: Pre-built queries for common security analysis tasks
- Database Schema: Visual representation of tables and relationships
- Export Results: Save query results to CSV for further analysis
- Real-Time Stats: Live database metrics and connection status
- Color-Coded Severity: Critical and High severity badges with proper visual indicators
Streamlined scan configuration process:
- Text File Upload: Upload files containing container image references
- Scan Preview: Preview images to be scanned before execution
- Custom Naming: Assign meaningful names to scan bundles
- Docker Integration: Automatic Docker image pulling and analysis
- Progress Tracking: Real-time scan progress with detailed logs
Live scanning with comprehensive progress tracking:
- Real-Time Progress: Visual progress bars showing scan completion
- Live Logs: Streaming scan logs with detailed technical information
- Performance Metrics: Duration tracking and resource utilization
- Scan Metadata: Comprehensive scan details including engine versions
- Interactive Controls: Ability to monitor and manage active scans
Comprehensive scanning with detailed vulnerability analysis:
- Container Image Scanning: Support for Docker images with live progress
- Scan Bundling: Group related scans with custom names and metadata
- Bulk Operations: Select multiple scans for deletion or export
- Detailed Views: Drill down into specific images and vulnerabilities
- Risk Scoring: Intelligent security scoring with color-coded indicators
- Color-Coded Severity: Visual severity classification (Critical=Red, High=Orange, Medium=Yellow, Low=Blue)
- CVE Drill-Down: Click on vulnerability counts to explore specific CVEs and affected packages
- Export Capabilities: Save scan results to JSON for reporting and analysis
ChatCVE uses an advanced weighted scoring algorithm to calculate risk scores on a 0-100 scale:
# Risk Score Algorithm
def calculate_risk_score(vulnerabilities):
total_score = 0.0
total_packages = sum(result['packages'] for result in results)
for result in results:
severity_counts = result['severity_counts']
# Weight vulnerabilities by severity
score = (
severity_counts['critical'] * 10.0 +
severity_counts['high'] * 7.5 +
severity_counts['medium'] * 5.0 +
severity_counts['low'] * 2.5
)
total_score += score
# Normalize by package count (risk per package * 10)
return min(total_score / total_packages * 10, 100.0)- Critical Vulnerabilities: 10.0 points each
- High Vulnerabilities: 7.5 points each
- Medium Vulnerabilities: 5.0 points each
- Low Vulnerabilities: 2.5 points each
- Final Score: Normalized per package and scaled (0-100)
- π’ Low Risk (0-40): Well-maintained images with minimal security issues
- π‘ Medium Risk (40-70): Some security concerns requiring attention
- π΄ High Risk (70-100): Critical security issues requiring immediate action
ChatCVE intelligently identifies potentially exploitable vulnerabilities:
# Exploitable CVE Logic
def calculate_exploitable_count(vulnerabilities):
exploitable_count = 0
for vuln in vulnerabilities:
severity = vuln.get('severity', '').lower()
# Consider Critical/High as potentially exploitable
if severity in ['critical', 'high']:
exploitable_count += 1
return exploitable_count- Critical Severity: Automatically flagged as exploitable
- High Severity: Considered potentially exploitable
- CVSS Score: Future enhancement for more precise detection
- Known Exploits: Future integration with exploit databases
Every scan captures comprehensive metadata for analysis:
- Scan Duration: Total time from start to completion (seconds)
- Total Packages: Aggregate package count across all images
- Total Vulnerabilities: Sum of all vulnerabilities found
- Images Processed: Number of container images analyzed
- Syft Version: SBOM generation tool version for reproducibility
- Grype Version: Vulnerability scanner version for reproducibility
- Scan Engine: DOCKER_PULL vs REGISTRY_API method used
- Scan Source: FILE_UPLOAD, MANUAL_INPUT, or API initiation
- Risk Score: Calculated 0-100 risk assessment
- Severity Breakdown: Critical, High, Medium, Low counts
- Exploitable Count: Number of potentially exploitable CVEs
- Package Density: Vulnerabilities per package ratio
- Scan Initiator: User or system that started the scan
- Project Name: Associated project for organizational tracking
- Environment: PRODUCTION, STAGING, or DEVELOPMENT context
- Tags: Custom categorization labels for scan grouping
- Compliance Policy: Applied security policy (future feature)
The AI chat interface can now answer sophisticated questions about your scan metadata:
-- Example AI Queries:
"Which scans took longer than 5 minutes?"
"Show me high-risk scans from production environment"
"What's the average vulnerability count per package?"
"Which projects have the most exploitable CVEs?"
"Compare scan performance over the last week"# Core Configuration
OPENAI_API_KEY=your_openai_api_key_here # Required for AI chat
NVD_API_KEY=your_nvd_api_key_here # Optional, increases rate limits
DATABASE_PATH=app_patrol.db # SQLite database location
FLASK_ENV=development # Flask environment
# Optional Configuration
FLASK_DEBUG=1 # Enable debug mode
PORT=5000 # Backend port (default: 5000)
FRONTEND_PORT=3000 # Frontend port (default: 3000)public.ecr.aws/nginx/nginx:1.28-alpine3.21-slim
public.ecr.aws/bitnami/aws-cli:latest
public.ecr.aws/cloudwatch-agent/cloudwatch-agent-target-allocator:latest
public.ecr.aws/docker/library/alpine:3.19
- Text File Upload: Upload a text file containing container image references (one per line)
- Supported Registries: Docker Hub, ECR, GCR, and other public/private registries
- Image Format: Standard Docker image notation (e.g.,
nginx:latest,public.ecr.aws/library/alpine:3.19)
ChatCVE/
βββ api/ # Flask backend
β βββ flask_backend.py # Main API server
β βββ scan_service.py # Scanning logic
βββ frontend-next/ # Next.js frontend
β βββ src/
β β βββ app/ # App router pages
β β βββ components/ # React components
β β βββ lib/ # Utilities and API client
βββ install-scan-tools.sh # Dependency installer
βββ start-chatcve.sh # Startup script
βββ check-prerequisites.sh # Dependency checker
βββ requirements.txt # Python dependencies
cd api
source ../.env/bin/activate
python3 flask_backend.pycd frontend-next
npm run dev- Backend: Add endpoints in
flask_backend.py - Frontend: Create components in
src/components/ - Database: Extend SQLite schema as needed
- Scanning: Modify
scan_service.pyfor new scan types
GET /api/stats/vulnerabilities- Vulnerability statisticsPOST /api/chat- AI chat interfaceGET /api/chat/history- Chat historyGET /api/scans- Scan resultsPOST /api/scans/start- Start new scanDELETE /api/scans/{id}- Delete scanGET /api/activity/recent- Recent scan activity
GET /api/scans/{id}/progress- Scan progress with metadataGET /api/scans/{id}/logs- Real-time scan logsGET /api/scans/{id}/images- Scan images with vulnerability countsGET /api/scans/{id}/images/{image}/vulnerabilities- Detailed image vulnerabilities
{
"id": "scan_123456789",
"name": "Production EKS Scan",
"status": "completed",
"vulnerabilities": 42,
"packages": 489,
"scan_duration": 17,
"risk_score": 3.5,
"exploitable_count": 3,
"critical_count": 2,
"high_count": 8,
"medium_count": 15,
"low_count": 17,
"syft_version": "syft 1.12.0",
"grype_version": "grype 0.83.0",
"scan_engine": "DOCKER_PULL",
"scan_source": "FILE_UPLOAD",
"project_name": "EKS Cluster",
"environment": "PRODUCTION",
"scan_initiator": "security-team"
}# Ensure virtual environment is activated
source .env/bin/activate
pip install -r requirements.txt# Add user to docker group (Linux)
sudo usermod -aG docker $USER
# Log out and back in, or restart session# Kill existing processes
./kill-chatcve-processes.sh# Check database file permissions
ls -la app_patrol.db
# Reset database (WARNING: Deletes all data)
rm app_patrol.db
# Database will be recreated on next startup- Check the logs in your terminal for error messages
- Ensure all prerequisites are installed with
./check-prerequisites.sh - Verify Docker is running:
docker ps - Check API connectivity:
curl http://localhost:5000/health - Use AI Chat: Ask questions about scan metadata, performance, or security insights
- Check Scan Metadata: Expand scan details to see comprehensive performance and security metrics
- Monitor Risk Scores: Use the security scoring to prioritize remediation efforts
This project is licensed under the MIT License - see the LICENSE file for details.
- Syft & Grype - Anchore's excellent SBOM and vulnerability scanning tools
- Langchain - For AI agent capabilities
- Next.js & Tailwind - For the modern frontend framework
- Shadcn UI - For beautiful, accessible components
- OpenAI - For powering the AI chat capabilities
- CPU: 2 cores
- RAM: 4GB
- Storage: 2GB free space
- Network: Internet access for vulnerability data updates
- CPU: 4+ cores
- RAM: 8GB+
- Storage: 10GB+ free space (for container images and scan data)
- Network: High-speed internet for faster scanning
Built with β€οΈ for DevSecOps teams who need intelligent vulnerability management.