Skip to content

barbaria888/SupplyChain-Guardian-AI-Github_Action

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

55 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Supply Chain Guardian AI

Autonomous Supply Chain Patcher GitHub Marketplace Supply Chain Guardian Security AI Patching

Autonomous, closed-loop CVE detection and remediation for containerized workloads β€” local CPU inference, cloud LLMs, or bring your own.

overview

What This Does

This GitHub Action detects vulnerabilities in your container images, uses an AI model to generate a Dockerfile patch, validates the fix inside an ephemeral KinD cluster, and opens a pull request with proof β€” all automatically.

Push β†’ Trivy Scan β†’ CVE Found β†’ AI Patches Dockerfile
         β†’ Smoke Test β†’ KinD Validates β†’ Re-scan Confirms β†’ PR Opened

Zero data egress with local Ollama (default), or use OpenAI-compatible API providers (like NVIDIA NIM or DeepSeek) for faster inference. Supports mono-repos out-of-the-box via dynamic build context resolution.


⚑ Quickstart

name: Supply Chain Guardian
on:
  push:
    branches: [main]
  schedule:
    - cron: '0 2 * * *'  # Nightly CVE check

permissions:
  contents: write
  pull-requests: write

jobs:
  guardian:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Supply Chain Guardian
        uses: barbaria888/SupplyChain-Guardian-AI-Github_Action@v2
        with:
          dockerfile: './Dockerfile'

That's it. The action handles everything β€” scanning, patching, validation, and PR creation.


πŸ€– Multi-Provider LLM Support

Choose the inference engine that fits your needs:

Option 1: NVIDIA API via API Key (Recommended Cloud Setup)

Create this repository secret first in GitHub Settings β†’ Secrets and variables β†’ Actions: NVIDIA_NIM_API_KEY (get your key from NVIDIA API Catalog: https://build.nvidia.com/).

- uses: barbaria888/SupplyChain-Guardian-AI-Github_Action@v2
  with:
    provider: 'openai'
    model: 'deepseek-ai/deepseek-v4-flash'
    openai-endpoint: 'https://integrate.api.nvidia.com/v1'
    api-key: ${{ secrets.NVIDIA_NIM_API_KEY }}

Option 2: Local Ollama (Zero Cost, Full Privacy)

- uses: barbaria888/SupplyChain-Guardian-AI-Github_Action@v2
  with:
    provider: 'ollama'
    model: 'llama3.2:1b'    # ~700MB, runs on GitHub runner CPU

Option 3: OpenAI / Azure OpenAI

- uses: barbaria888/SupplyChain-Guardian-AI-Github_Action@v2
  with:
    provider: 'openai'
    model: 'deepseek-ai/deepseek-v4-flash'
    api-key: ${{ secrets.OPENAI_API_KEY }}

Architecture

Architecture
Layer Tool Role
Scanning Trivy CVE detection, SBOM generation
AI Reasoning Ollama / OpenAI / NVIDIA NIM Dockerfile patching
Validation KinD Ephemeral K8s integration test
Orchestration GitHub Actions Full pipeline coordinator
PR Creation peter-evans/create-pull-request Automated, human-reviewable PR

πŸ“‹ Inputs

Input Required Default Description
dockerfile No Dockerfile Path to the Dockerfile to scan and patch
image-ref No '' Pre-built image to scan (skips build step)
severity No CRITICAL,HIGH Trivy severity filter
provider No ollama LLM provider: ollama or openai
model No (auto) Model name for the selected provider
api-key No '' API key for cloud providers. Falls back to step/job env API_KEY if omitted
openai-endpoint No https://integrate.api.nvidia.com/v1 OpenAI-compatible base URL (e.g. NVIDIA NIM or DeepSeek API)
trivy-version No 0.55.0 Trivy version
kind-enabled No true Enable KinD cluster validation
kind-config No .kind/cluster-config.yaml KinD cluster config path
k8s-manifests No k8s/ K8s manifests directory
create-pr No true Auto-create Pull Request
pr-branch No auto-patcher/cve-remediation Branch name for the PR
pr-labels No security,automated-patch,... PR labels
fail-on-vulnerability No true Fail if CVEs can't be patched
llm-timeout No 300 LLM inference timeout (seconds)
policy-preset No strict Enforcement mode: strict (fail on any issue) or lax (warn and continue)
enforce-non-root No true Reject patched Dockerfiles running as root. Set to false to allow root.
healthz-port No 18080 Host port mapped to the container for the health check
healthz-path No / Endpoint route path for the health check probe

πŸ“€ Outputs

Output Description
vulnerabilities-found Whether CRITICAL/HIGH CVEs were detected
patch-applied Whether the AI generated a valid patch
smoke-test-passed Whether the patched Dockerfile compiled
kind-validation-passed Whether KinD deployment succeeded
pr-url URL of the created Pull Request
trivy-results-path Path to scan results JSON
audit-log-path Path to the LLM audit log

πŸ›‘οΈ Security Design

Hallucination Defense (3-Layer)

  1. Instruction Whitelist β€” Every Dockerfile line must start with a valid instruction (FROM, RUN, COPY, etc.). Invented keywords like CREATEGROUP or ADDuser are rejected instantly.
  2. Docker Build Smoke Test β€” The patched Dockerfile must compile with docker build before any artifact is uploaded.
  3. KinD Cluster Validation β€” The patched image must boot, pass health probes, and show zero CrashLoopBackOff pods.

Manifest-First Remediation Strategy

The AI patching engine prioritizes fixing vulnerabilities at the source manifest level (package.json / requirements.txt) rather than injecting inline package installation commands into Docker RUN layers. This prevents dependency collision loops and corrupt node_modules footprints.

Configurable Non-Root Policy

The enforce-non-root input controls whether the integrity gate requires a USER instruction in the patched Dockerfile:

  • true (default): The gate enforces that a USER instruction exists in the patched file (if the original had one), ensuring non-root container execution.
  • false: Root configurations are permitted β€” useful for base images or build-stage containers.

Smoke Test Database Injection

The runtime stability check automatically injects dummy database URIs (MONGO_URI, DATABASE_URL, SKIP_DB) into the smoke test container. This prevents applications with mandatory database connections (Mongoose, PostgreSQL, etc.) from crashing during the 15-second stability window.

Side-by-Side Patching

The AI writes to Dockerfile.patched β€” the original file is never touched until the smoke test passes. If the patch is rejected, the broken file is uploaded to a rejected-patch-forensic artifact for audit.

Security Contexts

All Kubernetes manifests enforce:

  • runAsNonRoot: true
  • readOnlyRootFilesystem: true
  • allowPrivilegeEscalation: false
  • capabilities.drop: [ALL]
  • seccompProfile: RuntimeDefault

πŸ“Š Compliance Artifacts

Every pipeline run uploads (90-day retention):

Artifact Purpose
trivy-results.json Original vulnerability report
patch_audit.log Full LLM prompt + response for audit review
kind-test-report.txt KinD cluster validation evidence
trivy-results-post-patch.json Proof of CVE remediation

πŸ—οΈ Repository Structure

.
β”œβ”€β”€ action.yml                        # GitHub Marketplace Action definition
β”œβ”€β”€ agents.md                         # Agent persona definitions
β”œβ”€β”€ .agents/skills/                   # Domain interaction contracts
β”œβ”€β”€ .kind/cluster-config.yaml         # KinD 2-node cluster spec
β”œβ”€β”€ .trivy/                           # Trivy policy & ignore files
β”œβ”€β”€ .github/workflows/                # Internal pipeline (dogfooding)
β”œβ”€β”€ k8s/                              # Production-grade K8s manifests
β”œβ”€β”€ scripts/remediate_cve.py          # AI patching engine (multi-provider)
β”œβ”€β”€ src/                              # Demo FastAPI application
β”œβ”€β”€ tests/unit/                       # 43 unit tests
β”œβ”€β”€ tests/integration/                # KinD integration test script
β”œβ”€β”€ Dockerfile                        # Intentionally vulnerable baseline
β”œβ”€β”€ SECURITY.md                       # Responsible disclosure policy
└── README.md

πŸ§‘β€πŸ’» Local Development

# Build and scan locally
docker build -t guardian-demo:latest .
trivy image --format json --output trivy-results.json guardian-demo:latest

# Run the AI patcher locally with NVIDIA API
PROVIDER=openai \
API_KEY="<NVIDIA_NIM_API_KEY>" \
OPENAI_MODEL="deepseek-ai/deepseek-v4-flash" \
OPENAI_ENDPOINT="https://integrate.api.nvidia.com/v1" \
python scripts/remediate_cve.py

# Validate in a local KinD cluster
kind create cluster --config .kind/cluster-config.yaml
kind load docker-image guardian-demo:latest --name guardian-test
kubectl apply -f k8s/
kubectl wait --for=condition=available --timeout=120s deployment/guardian-demo

License

MIT β€” See LICENSE

Autonomous, closed-loop CVE detection and remediation for containerized workloads β€” supports both local Ollama and cloud providers like NVIDIA API.

About

Autonomous CVE remediation system with AI patching, runtime validation, KinD testing, and zero-trust deployment gates.

Topics

Resources

Security policy

Stars

2 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors