SecureVision AI
From Diagram to Defense: Security at a Glance. Blueprint Today, Bulletproof Tomorrow.
Empower developers and their teams to reduce the time to go from idea to value.
- 📝 Table of Contents
- 🧐 Problem Statement
- 💡 Idea / Solution
- ⛓️ Dependencies / Limitations
- 🚀 Future Scope
- 🏁 Getting Started
- 🎈 Usage
- ⛏️ Built With
- ✍️ Team
- 🎉 Acknowledgments
SecureVision AI is a ground-breaking tool that transforms the way teams approach security in their cloud and system architectures. By leveraging the power of visual analysis and AI-driven insights, we're bridging the gap between design and defense.
Our platform allows users to upload their:
- Design diagrams
- Reference architectures
- Threat model diagrams
SecureVision AI then springs into action, providing:
-
Instant Analysis: Using advanced AI algorithms, we scan your diagrams against top security frameworks like Microsoft Cloud Security Benchmark, STRIDE Model, MITRE ATT&CK, and DEFEND.
-
Interactive Exploration: Engage in a dynamic chat with our AI to dive deep into specific areas of your design, uncovering potential vulnerabilities and exploring solutions.
-
Actionable Insights: Receive concrete, prioritized steps to enhance your security posture, tailored to your unique architecture.
-
Comprehensive Reporting: Download a detailed report of your session, complete with all identified issues and recommended actions.
Here are the sample output of the latest key features that SecureVision AI can produce:
Follow the guide below to set up SecureVision AI for your own tryout.
- Azure Subscription
- Python 3.12 or higher
- Docker (optional)
- Get an Azure Subscription
- Create an Azure OpenAI deployment
a. Go to AzureOpenAI on the Azure portal
b. Create Azure OpenAI Deployment to your specifications
c. Go to OpenAI Studio (oai.azure.com)
d. Create new deployment, sample values:
| Name: | GPT-4OMNI |
| Model: | gpt-4o |
| Version: | 2024-05-13 |
| Deployment Type: | Standard |
| Tokens per minute rate: | 150k |
| Content Filter: | Default |
| Dynamic Quota: | Enabled |
- Open your model in Playground
- Click "View Code"
- Note your endpoint and key
-
Open Terminal, install Python and Docker Desktop (optional):
Winget install Python
Winget install "Docker Desktop"" -
Clone the repository from the main branch to a local folder (do not use the same git directory as you need to add secrets to your .env file)
git clone url
-
Rename .env.sample to .env and update the following:
AZURE_API_KEY = "-----"
AZURE_ENDPOINT = "https://.openai.azure.com"
AZURE_DEPLOYMENT_NAME = "Name from Above Table"
AZURE_API_VERSION = "Version from above table"
DEBUG_MODE = False
Caution
If you are calling the API with Key directly make sure to update the .env file with the correct values. If you would like to store the secret in a Keyvault, make sure to provide the key vault endpoint and set the USE_KEYVAULT value as true
-
Navigate to the APP directory:
cd reviewer
Important
Note: Make a copy of .env.sample and rename it to .env and update the values accordingly.
-
Create a virtual environment:
python -m venv .venv
-
Activate the virtual environment:
-
For Windows:
.venv\Scripts\activate
-
For macOS/Linux:
source .venv/bin/activate
-
-
Install the required dependencies:
pip install -r requirements.txt
-
Make sure a
.envfile is in the root directory of the reviewer folder and add your specific environment variables using the.env.samplefile as a template.
-
Start the Streamlit app:
python -m streamlit run main.py
-
Open your web browser and navigate to
http://localhost:8501to view the app.
Update the .env file with the required environment variables before proceeding further.
-
Build the Docker image:
docker build -t reviewer . -
Run the Docker container:
docker run -p 8501:8501 reviewer
-
Open your web browser and navigate to
http://localhost:8501to view the app. -
Alternatively, you can use the following
docker build -t reviewer . && docker run -p 8501:8501 reviewer
IDC V-Team:
Ashik ashikkuppili@microsoft.com,
Jitesh jitha@microsoft.com,
Krishna kguttula@microsoft.com,
Manav sharmama@microsoft.com,
Shalabh shalabh.pradhan@microsoft.com
Redmond V-Team:
Donald Scott donald.scott@microsoft.com,
Jason Hennessy jason.hennessy@microsoft.com,
Jeff Surek jesurek@microsoft.com,
Ming Oei mingo@microsoft.com,
Sreedhar Ande sreedhar.ande@microsoft.com,
Sushant Sood ssood26@microsoft.com,
Will Chen chenwi@microsoft.com