metadata
title: CVE Analysis Service (CAS)
emoji: 🛡️
colorFrom: gray
colorTo: blue
sdk: docker
app_port: 7860
pinned: true
CVE Analysis Service for streaming markdown reports and JSON-based analysis using OpenAI.
Try it out here
- /viewer?cve_id=<CVE-ID>&refresh=<true|false> → live stream report
- /cached → raw markdown report
- /json?cve_id=<CVE-ID>&refresh=<true|false> → JSON response
- /healthz → health check
- /raw?cve_id=<CVE-ID>&refresh=<true|false> → Returns raw markdown report content. If the report does not exist, it generates it using OpenAI.
- /cve_info?cve_id=<CVE-ID> → Fetches CVE information as JSON with error handling.
- /ghsa_to_cve?ghsa_id=<GHSA-ID> → Converts GHSA ID to CVE ID using OpenAI.
Swagger is available (on Hugging Face) here
Example of converting GHSA to CVE:
curl -X GET "http://127.0.0.1:8000/ghsa_to_cve?ghsa_id=GHSA-832w-fhmw-w4f4" -H "accept: application/json"
{"ghsa_id":"GHSA-832w-fhmw-w4f4","cve_id":"CVE-2024-55890"}
MCP Config for VSCode:
Create a file named mcp.json in the .vscode folder of your project and add the following content:
{
  "servers": {
    // "cve_analysis__debug": {
    //   "type": "sse",
    //   "url": "http://localhost:8000/mcp"
    // },
    "cve_analysis_hf": {
      "type": "sse",
      "url": "https://dn-scribe-cas.hf.space/mcp"
    }
  }
}
Function to convert from GHSA to CVE-ID:
A function based on OpenAI gpt-4o-mini-search-preview with costs as follows:
- 25$ per 1k API calls
- 0.15$ per 1M input tokens
- 0.60$ per 1M output tokens
Since the whole transaction is about 40 tokens, the token charges are negligible and the real cost is the per-API-call cost.
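
A client-side check for the /ghsa_to_cve endpoint, as an added example that is not part of this project's code: because the answer is produced by a language model and every call is billed, it validates the ID format on both the request and the response and caches results locally. The `GhsaResolver` class, the injectable `fetch` parameter and the default base URL (taken from the curl example above) are assumptions.

```python
import json
import re
import urllib.parse
import urllib.request

# GHSA IDs use a restricted alphabet; CVE IDs are CVE-<year>-<4 or more digits>.
GHSA_RE = re.compile(r"GHSA(-[23456789cfghjmpqrvwx]{4}){3}")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def http_fetch(base_url, ghsa_id):
    """Default transport: GET <base_url>/ghsa_to_cve and return the body text."""
    query = urllib.parse.urlencode({"ghsa_id": ghsa_id})
    req = urllib.request.Request(f"{base_url}/ghsa_to_cve?{query}",
                                 headers={"accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


class GhsaResolver:
    """Hypothetical client that validates and caches /ghsa_to_cve answers."""

    def __init__(self, base_url="http://127.0.0.1:8000", fetch=http_fetch):
        self.base_url = base_url
        self.fetch = fetch   # injectable so the checks can be exercised offline
        self.cache = {}      # ghsa_id -> cve_id; avoids paying twice for one ID

    def resolve(self, ghsa_id):
        # Reject malformed input before spending an API call on it.
        if not GHSA_RE.fullmatch(ghsa_id):
            raise ValueError(f"malformed GHSA ID: {ghsa_id!r}")
        if ghsa_id in self.cache:
            return self.cache[ghsa_id]
        try:
            body = json.loads(self.fetch(self.base_url, ghsa_id))
        except json.JSONDecodeError as exc:
            raise ValueError("response is not JSON") from exc
        # The service echoes the requested ID; a mismatch means a mixed-up reply.
        if not isinstance(body, dict) or body.get("ghsa_id") != ghsa_id:
            raise ValueError("response does not echo the requested GHSA ID")
        cve_id = body.get("cve_id")
        # Model output may be free text or empty; accept only a well-formed CVE ID.
        if not isinstance(cve_id, str) or not CVE_RE.fullmatch(cve_id):
            raise ValueError(f"model output is not a CVE ID: {cve_id!r}")
        self.cache[ghsa_id] = cve_id
        return cve_id
```

A well-formed but incorrect CVE ID still passes these checks, so confirm the mapping against the advisory record before acting on it.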