Huldra is an automated vulnerability remediation tool designed to streamline the security auditing process. It leverages existing audit tools to identify vulnerabilities in language dependencies and uses an LLM orchestrator to intelligently suggest and apply fixes.
- Automated Auditing: Uses `pip-audit` to scan Python dependencies for known vulnerabilities.
- Intelligent Remediation: Integrates with TensorZero (LLM Orchestrator) to analyze vulnerability reports and generate context-aware fix recommendations.
- Auto-Fix: Capable of automatically applying recommended fixes (e.g., upgrading packages) via the CLI.
- Extensible Architecture: Designed with a modular provider system to support multiple languages and audit tools in the future.
Huldra consists of three main components:
- Provider: Interfaces with language-specific audit tools (e.g., `pip-audit` for Python) to detect vulnerabilities and apply fixes.
- Orchestrator: Connects to an LLM service (currently TensorZero) to interpret vulnerability data and propose solutions.
- Healer: The core logic that coordinates the Provider and Orchestrator to execute the "audit -> analyze -> fix" workflow.
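The following is an added illustration of the Provider / Orchestrator / Healer split described above; it is not Huldra's own code. It assumes the JSON layout that `pip-audit --format json` emits (a `dependencies` list whose entries carry `vulns` with `fix_versions`), stands in a deterministic upgrade rule for the TensorZero call, and records the fix command instead of executing it so the example runs offline. All package names and vulnerability identifiers in the sample report are constructed placeholders.

```python
"""Minimal audit -> analyze -> fix loop (added example, not Huldra's own code)."""
import json
import shlex
import subprocess
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Finding:
    package: str
    installed: str
    vuln_id: str
    fix_versions: list[str]


@dataclass
class Fix:
    package: str
    target: str          # version to upgrade to
    rationale: str


# Constructed sample report in the shape of `pip-audit --format json` (assumption, not captured output).
SAMPLE_AUDIT_JSON = json.dumps({
    "dependencies": [
        {"name": "examplepkg", "version": "1.0.0", "vulns": [
            {"id": "EXAMPLE-0001", "fix_versions": ["1.0.3", "1.1.0"], "description": "placeholder"},
            {"id": "EXAMPLE-0002", "fix_versions": ["1.0.1"], "description": "placeholder"},
        ]},
        {"name": "cleanpkg", "version": "2.4.1", "vulns": []},
        {"name": "stuckpkg", "version": "0.9.0", "vulns": [
            {"id": "EXAMPLE-0003", "fix_versions": [], "description": "no fixed release yet"},
        ]},
    ]
})


def version_key(v: str) -> tuple[int, ...]:
    """Simplified ordering for dotted numeric versions (real code should use packaging.version)."""
    return tuple(int(p) for p in v.split("."))


class PipAuditProvider:
    """Provider role: runs the audit tool, parses its report, and knows how to express a fix."""

    def run_audit(self) -> str:
        proc = subprocess.run(["pip-audit", "--format", "json"], capture_output=True, text=True)
        return proc.stdout

    @staticmethod
    def parse(report_json: str) -> list[Finding]:
        report = json.loads(report_json)
        return [
            Finding(dep["name"], dep["version"], vuln["id"], list(vuln.get("fix_versions", [])))
            for dep in report.get("dependencies", [])
            for vuln in dep.get("vulns", [])
        ]

    @staticmethod
    def fix_command(fix: Fix) -> list[str]:
        return ["pip", "install", f"{fix.package}=={fix.target}"]


class RuleOrchestrator:
    """Orchestrator role: a deterministic rule standing in for the LLM (assumption)."""

    def propose(self, findings: list[Finding]) -> tuple[list[Fix], list[str]]:
        by_pkg: dict[str, list[Finding]] = {}
        for f in findings:
            by_pkg.setdefault(f.package, []).append(f)
        fixes, unfixable = [], []
        for pkg, items in by_pkg.items():
            if any(not f.fix_versions for f in items):
                unfixable.append(pkg)       # at least one advisory has no fixed release
                continue
            # Smallest upgrade that closes every advisory: the largest of the per-advisory minimum fixes.
            target = max((min(f.fix_versions, key=version_key) for f in items), key=version_key)
            ids = ", ".join(f.vuln_id for f in items)
            fixes.append(Fix(pkg, target, f"upgrade {pkg} {items[0].installed} -> {target} closes {ids}"))
        return fixes, unfixable


class Healer:
    """Healer role: coordinates the two and honours the audit-only switch."""

    def __init__(self, provider: PipAuditProvider, orchestrator: RuleOrchestrator,
                 audit_only: bool = False, runner: Optional[Callable[[list[str]], None]] = None):
        self.provider, self.orchestrator, self.audit_only = provider, orchestrator, audit_only
        self.runner = runner    # None = record the command instead of executing it

    def heal(self, report_json: Optional[str] = None) -> tuple[list[Finding], list[Fix], list[str], list[str]]:
        report_json = report_json if report_json is not None else self.provider.run_audit()
        findings = self.provider.parse(report_json)
        fixes, unfixable = self.orchestrator.propose(findings)
        applied: list[str] = []
        if not self.audit_only:
            for fix in fixes:
                cmd = self.provider.fix_command(fix)
                if self.runner is not None:
                    self.runner(cmd)
                applied.append(shlex.join(cmd))
        return findings, fixes, applied, unfixable


if __name__ == "__main__":
    _, fixes, applied, unfixable = Healer(PipAuditProvider(), RuleOrchestrator()).heal(SAMPLE_AUDIT_JSON)
    for fix in fixes:
        print(fix.rationale)
    print("would run:", applied, "| no fix available:", unfixable)
```

Passing `runner=subprocess.run` to `Healer` would turn the recorded commands into real upgrades; with `audit_only=True` the loop stops after analysis, mirroring the `--audit-only` mode of the CLI.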
Huldra requires Python 3.11 or higher.
```bash
# Clone the repository
git clone https://github.com/Okwizi/Huldra.git
cd Huldra

# Create a virtual environment and install dependencies using uv
uv venv
source .venv/bin/activate
uv pip install .
```

Huldra provides a command-line interface (CLI) for easy interaction.
To run a full audit and interactively apply fixes:

```bash
huldra-cli
```

To perform an audit without applying any fixes:

```bash
huldra-cli --audit-only
```

This project uses uv for dependency management and tox for testing and linting.
```bash
# Install uv if you haven't already
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install dependencies
uv sync

# Run tests using tox
uvx tox -e test

# Run linting and type checking
uvx tox -e lint
```

This project is licensed under the Apache-2.0 License. See the LICENSE file for details.