Introduction
When combining GPT with risk scanning, Selefra adopts an innovative approach by integrating the powerful capabilities of PolicyAsCode and GPT to enhance the efficiency and accuracy of multi-cloud security compliance detection. While PolicyAsCode has been widely used for internal team collaboration and external open-source project collaboration, as well as facilitating version tracking and audit tracing, it can present challenges due to its high learning curve and lengthy and complex code.
To overcome these challenges, Selefra introduces GPT (Generative Pre-trained Transformer) technology to reduce the complexity and provide a more professional risk scanning solution. GPT is a deep learning-based natural language processing model known for its strong semantic understanding and generation capabilities. By combining GPT with PolicyAsCode, Selefra enables an intelligent security compliance analysis workflow.
Within Selefra, specific GPT prompts are designed for security compliance, cost calculation, and architecture design. Users can trigger automated analysis by inputting GPT statements and select appropriate pre-defined prompts based on their inputs. This flexible mechanism ensures customized risk analysis tailored to different requirements.
Expert Simulation
In Selefra, we have designed dedicated GPT prompts for security compliance, cost calculation, and architecture design. By analyzing the user's input GPT statements, Selefra automatically determines which pre-defined prompt to utilize for the analysis. Let's briefly explain how GPT is used for security compliance project analysis.
Resource Acquisition
Before conducting the analysis with GPT, we still need to acquire resources through Selefra's provider, with some differences in the policy invocation process.
Resource Analysis
In the regular mode, policies typically consist of user-configured SQL statements that query the acquired database to identify risky data and assess the risk level of resources. However, when utilizing GPT, Selefra first submits all the tables to GPT for analysis to determine which tables require analysis. Then, based on the results returned by GPT, Selefra organizes the corresponding table's resource content and sequentially submits it to GPT for analysis. GPT compiles the analysis results into a predefined output format, which is rendered by Selefra to present the structured output to the user.
For the specific code implementation, you can refer to the following four methods in the /pkg/modules/executors/module_query_executor.go file: filterTables, filterColumns, getRows, and getIssue.
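The flow described above (send the table list to the model, then submit each chosen table's rows and parse the structured reply) as an added Go example; this is not Selefra's code, and the `Analyzer` type, `Issue` format, prompt wording and `fakeGPT` stub are assumptions, with only filterTables and getIssue of the four methods modelled. It adds the two checks a practitioner wants around a model in the loop: a table name the model returns is only accepted if it exists in the schema, and a reply that is not the agreed JSON shape is rejected instead of rendered.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Analyzer abstracts the model call; production code would call the GPT API here.
type Analyzer func(prompt string) string
// Issue is the predefined output format the model is asked to fill in.
type Issue struct {
	Table    string `json:"table"`
	Severity string `json:"severity"`
	Summary  string `json:"summary"`
}
// filterTables asks the model which tables to review and keeps only names that exist.
func filterTables(ask Analyzer, tables []string) []string {
	known := map[string]bool{}
	for _, t := range tables {
		known[t] = true
	}
	reply := ask("Which tables need a compliance review? " + strings.Join(tables, ","))
	var chosen []string
	for _, t := range strings.Split(reply, ",") {
		if t = strings.TrimSpace(t); known[t] { // a hallucinated table name never reaches the DB
			chosen = append(chosen, t)
		}
	}
	return chosen
}

// getIssue submits one table's rows and rejects any reply that is not the agreed JSON shape.
func getIssue(ask Analyzer, table string, rows []map[string]string) ([]Issue, error) {
	payload, _ := json.Marshal(rows) // []map[string]string cannot fail to marshal
	reply := ask("Return a JSON array of issues for table " + table + ": " + string(payload))
	var issues []Issue
	if err := json.Unmarshal([]byte(reply), &issues); err != nil {
		return nil, fmt.Errorf("reply for %s is not the expected JSON: %w", table, err)
	}
	return issues, nil
}

// fakeGPT is a constructed stand-in for the model so the example runs offline.
func fakeGPT(prompt string) string {
	if strings.HasPrefix(prompt, "Which tables") {
		return "aws_s3_buckets, aws_made_up_table" // second name does not exist
	}
	return `[{"table":"aws_s3_buckets","severity":"high","summary":"bucket is public"}]`
}
```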
Summary
In summary, leveraging GPT for multi-cloud product risk scanning significantly reduces the complexity of using PolicyAsCode products and enhances the accuracy of the analysis. However, it is essential to note that the accuracy of the GPT analysis depends on the quality of its training data and models. Therefore, this approach is ideal for beginners and serves as an introductory method for risk scanning, while becoming proficient in risk scanning techniques still requires learning the specialized analysis syntax of PolicyAsCode.
Thank you for reading.
Selefra GitHub: https://github.com/selefra/selefra