Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Annotation improvements - part 2 #1451

Merged
merged 12 commits into from
Nov 13, 2024
Merged

Annotation improvements - part 2 #1451

merged 12 commits into from
Nov 13, 2024

Conversation

prabhu
Copy link
Collaborator

@prabhu prabhu commented Nov 12, 2024

Adds ml-tiny profile to trim the bom size further. Gemini, unfortunately, still complains, but is sorta working.

2024-11-12_16-39-51

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu added the enhancement New feature or request label Nov 12, 2024
@prabhu prabhu added this to the 11.0.0 milestone Nov 12, 2024
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Copy link
Collaborator Author

prabhu commented Nov 12, 2024

few-shot prompting

bom.json

Gemini failed to detect the BOM type despite offering a system prompt about annotations. Unfortunately, annotations is an array of object, where the text attribute could contain interesting information. This nested structure is breaking some models.

2024-11-12_17-42-58

By simply copying the annotations text from the file and using it as a prompt (few-shot prompt), we get high quality result.

2024-11-12_18-49-30 2024-11-12_18-49-45

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Copy link
Collaborator Author

prabhu commented Nov 12, 2024

Crypto properties are getting understood properly.

2024-11-12_18-56-53 2024-11-12_18-57-14

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Copy link
Collaborator Author

prabhu commented Nov 13, 2024

meta-prompting

By introducing the definition of OBOM along with the file, the model seems to be focusing on the correct attributes.

obom-windows.json

2024-11-13_14-05-53

I was hoping the model would infer windows_programs from the word programs. After an initial hiccup, it has still managed to answer which is cool.

2024-11-13_14-11-47

With REPL, we can do .search windows_programs, although the columns cannot be specified dynamically.

2024-11-13_14-14-49

The solution is not magical though. When asked for "windows drivers", it couldn't figured out the tag windows_drivers.

2024-11-13_14-18-10

Our REPL does work correctly here.

2024-11-13_14-19-09

Despite my best attempts, I couldn't get the model to return all results correctly. This must be due to tags being an array.

2024-11-13_14-22-32 2024-11-13_14-23-44
  • Need to figure out a prompting technique for OBOM tags.

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Copy link
Collaborator Author

prabhu commented Nov 13, 2024

obom-linux.json

This Operations Bill-of-Materials (OBOM) document was created on Wednesday, November 13, 2024 with cdxgen. The lifecycles phases represented are: pre-build, post-build, and operations. The document describes an operating system named 'AlmaLinux' with the build name 'AlmaLinux release 9.4 (Seafoam Ocelot)'. The system appears to be set up for remote development, with 21 Visual Studio Code extensions installed. In addition, there are 1057 applications installed on the system.

Including the question along with the meta-prompt appears to be less effective.

2024-11-13_14-38-06

The below answer, for example, is not accurate since those packages can be used by IT for deploying applications.

2024-11-13_14-39-04

Simply separate out the initial prompt and the question improves quality.

2024-11-13_14-42-08

Presence of VS Code extensions was correctly used to answer the question.

2024-11-13_14-43-33

@prabhu prabhu marked this pull request as ready for review November 13, 2024 14:49
@prabhu prabhu merged commit a45feac into master Nov 13, 2024
25 checks passed
@prabhu prabhu deleted the feature/annotate-part2 branch November 13, 2024 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant