This NIM Agent Blueprint demonstrates accelerated analysis of common vulnerabilities and exposures (CVEs) at enterprise scale, reducing mitigation time from days and hours to just seconds. While traditional methods require substantial manual effort to pinpoint solutions for vulnerabilities, this blueprint uses large language models (LLMs) and retrieval-augmented generation (RAG) to enable quick, automatic, and actionable CVE risk analysis. With this blueprint, security analysts can more quickly determine whether a software package includes exploitable and vulnerable components, using LLMs and event-driven RAG triggered by the creation of a new software container or the detection of a CVE. Using NVIDIA NIM microservices and the Morpheus cybersecurity AI SDK, the NIM Agent Blueprint for vulnerability analysis accelerates CVE analysis, dramatically reducing time to assess from days to just seconds.
Key benefits of the NIM Agent Blueprint for vulnerability analysis include:
Faster time to assess: Allows analysts to investigate individual CVEs in seconds rather than hours or even days.
Reduced CVE noise: LLM agents can expedite investigations and cut through the noise of an increasing number of known CVEs to highlight actual urgent security risks.
Event-driven automation: Multiple LLM agents are implemented to automate vulnerability management, verification, and VEX justification, all triggered by the results of upstream vulnerability scans.
To get started, review the information linked below and learn what is included in the Blueprint, as well as where and how to run the workflow.
Experience or download this blueprint at build.nvidia.com.
Dive into the blueprint integration code and resources on GitHub: https://github.com/NVIDIA-AI-Blueprints/vulnerability-analysis
Contact NVIDIA to learn more about how you can purchase NVIDIA AI Enterprise for your production deployment.
GOVERNING TERMS: The software and materials are governed by the NVIDIA Software License Agreement and the Product-Specific Terms for NVIDIA AI Products; the use of the models is governed by the NVIDIA AI Foundation Models Community License Agreement.
ADDITIONAL INFORMATION: Meta Llama 3 Community License, Built with Meta Llama 3. NeMo Text Retriever E5 Embedding Model: MIT license.