wu981526092 commited on
Commit
8558676
·
1 Parent(s): 5fc842f
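--- a/app.py
+++ b/app.py
@@ -4,6 +4,7 @@ import pandas as pd
  from apscheduler.schedulers.background import BackgroundScheduler
  from huggingface_hub import snapshot_download
  import os
+ import shutil
 
  from src.about import (
  CITATION_BUTTON_LABEL,
@@ -50,6 +51,20 @@ def initialize_data_directories():
  os.makedirs(EVAL_REQUESTS_PATH, exist_ok=True)
  os.makedirs(EVAL_RESULTS_PATH, exist_ok=True)
 
+ # Create reports directory in the Gradio public directory to serve files
+ reports_dir = os.path.join("public", "reports")
+ os.makedirs(reports_dir, exist_ok=True)
+
+ # Copy report files to the public directory
+ src_reports_dir = "reports"
+ if os.path.exists(src_reports_dir):
+ for report_file in os.listdir(src_reports_dir):
+ src_path = os.path.join(src_reports_dir, report_file)
+ dst_path = os.path.join(reports_dir, report_file)
+ if os.path.isfile(src_path):
+ shutil.copy2(src_path, dst_path)
+ print(f"Copied report file {report_file} to public directory")
+
  if LOCAL_MODE:
  print("Running in local mode, using local directories only")
  return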
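Review bot: The new copy loop in `initialize_data_directories` publishes every regular file found in `reports/` into `public/reports/` without checking the file type or handling symlinks; `os.path.isfile` and `shutil.copy2` both follow links, so a link inside `reports/` would have its target's contents copied into the directory the comment describes as served by Gradio. I would limit the loop to the expected report formats and skip links, for example `if os.path.islink(src_path) or not report_file.lower().endswith((".html", ".md")): continue` placed before the `isfile` check. The block also runs ahead of the `LOCAL_MODE` early return and on every start, overwriting whatever is already in `public/reports/`; if that is intended, a comment such as `# Runs in local mode too; overwrites existing public copies on each start` would make it explicit. The function begins above this hunk and continues past the `return`, so anything it does later is not visible here.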
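--- a/assessment-results/sample_assessment.json
+++ b/assessment-results/sample_assessment.json
@@ -8,6 +8,7 @@
  "last_updated": "2025-05-01T12:00:00Z",
  "active_maintenance": true,
  "independently_verified": true,
+ "report_url": "langchain-ai_langchain_v0.1.0.html",
  "scores": {
  "license_validation": 2.5,
  "security_assessment": 4.8,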
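Review bot: `report_url` is added as a bare file name rather than a URL, and the three sample files disagree on format: `.html` here and in sample_assessment3.json, `.md` in sample_assessment2.json. The code that turns this field into a link is not part of this commit, so it is worth confirming that it resolves the value only inside the reports directory (file name only, no scheme, no path separators) and that a Markdown report is rendered or offered for download rather than shown as raw text. Naming the field for what it holds, e.g. `"report_file": "langchain-ai_langchain_v0.1.0.html"`, would make that contract clearer to whoever writes the next assessment file.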
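--- a/assessment-results/sample_assessment2.json
+++ b/assessment-results/sample_assessment2.json
@@ -4,10 +4,11 @@
  "version": "v2.1.0",
  "language": "Python",
  "framework": "Machine Learning",
- "completed_time": "2025-05-02T14:30:00Z",
- "last_updated": "2025-05-02T14:30:00Z",
+ "completed_time": "2025-05-02T12:00:00Z",
+ "last_updated": "2025-05-02T12:00:00Z",
  "active_maintenance": true,
- "independently_verified": false,
+ "independently_verified": true,
+ "report_url": "pytorch_pytorch_v2.1.0.md",
  "scores": {
  "license_validation": 1.8,
  "security_assessment": 3.2,
@@ -17,28 +18,28 @@
  },
  "details": {
  "license_validation": {
- "license_type": "BSD-3",
+ "license_type": "BSD-3-Clause",
  "compatibility": "High",
  "issues": "None"
  },
  "security_assessment": {
  "known_vulnerabilities": 2,
  "patch_responsiveness": "High",
- "last_security_review": "2025-04-10"
+ "last_security_review": "2025-04-05"
  },
  "maintenance_health": {
  "active_contributors": 156,
  "release_frequency": "Medium",
- "issue_response_time": "2.5 days"
+ "issue_response_time": "3.2 days"
  },
  "dependency_management": {
  "vulnerable_dependencies": 1,
- "dependency_freshness": "Very Good",
- "supply_chain_security": "High"
+ "dependency_freshness": "Good",
+ "supply_chain_security": "Good"
  },
  "regulatory_compliance": {
- "documentation_quality": "High",
- "data_privacy_features": "Medium",
+ "documentation_quality": "Medium",
+ "data_privacy_features": "Limited",
  "audit_readiness": "Medium"
  }
  }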
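--- a/assessment-results/sample_assessment3.json
+++ b/assessment-results/sample_assessment3.json
@@ -4,10 +4,11 @@
  "version": "v0.2.0",
  "language": "Python",
  "framework": "Agent Framework",
- "completed_time": "2025-05-03T09:15:00Z",
- "last_updated": "2025-05-03T09:15:00Z",
+ "completed_time": "2025-05-03T12:00:00Z",
+ "last_updated": "2025-05-03T12:00:00Z",
  "active_maintenance": true,
  "independently_verified": true,
+ "report_url": "microsoft_autogen_v0.2.0.html",
  "scores": {
  "license_validation": 3.1,
  "security_assessment": 6.7,
@@ -38,7 +39,7 @@
  },
  "regulatory_compliance": {
  "documentation_quality": "Low",
- "data_privacy_features": "Minimal",
+ "data_privacy_features": "Limited",
  "audit_readiness": "Low"
  }
  }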
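--- a/public/reports/langchain-ai_langchain_v0.1.0.html
+++ b/public/reports/langchain-ai_langchain_v0.1.0.html
@@ -0,0 +1,248 @@
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>LibVulnWatch Report: LangChain v0.1.0</title>
+ <style>
+ body {
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+ line-height: 1.6;
+ color: #333;
+ max-width: 1200px;
+ margin: 0 auto;
+ padding: 20px;
+ }
+ header {
+ text-align: center;
+ margin-bottom: 30px;
+ }
+ h1 {
+ color: #1a73e8;
+ }
+ .risk-domain {
+ margin-bottom: 40px;
+ border: 1px solid #ddd;
+ padding: 20px;
+ border-radius: 8px;
+ box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+ }
+ .risk-score {
+ font-size: 24px;
+ font-weight: bold;
+ }
+ .risk-low {
+ color: green;
+ }
+ .risk-medium {
+ color: orange;
+ }
+ .risk-high {
+ color: red;
+ }
+ table {
+ width: 100%;
+ border-collapse: collapse;
+ margin: 20px 0;
+ }
+ th, td {
+ border: 1px solid #ddd;
+ padding: 12px;
+ text-align: left;
+ }
+ th {
+ background-color: #f2f2f2;
+ }
+ .recommendation {
+ background-color: #f8f9fa;
+ padding: 15px;
+ border-left: 4px solid #1a73e8;
+ margin: 20px 0;
+ }
+ </style>
+ </head>
+ <body>
+ <header>
+ <h1>Vulnerability Assessment Report</h1>
+ <h2>LangChain v0.1.0</h2>
+ <p>Assessment Date: May 1, 2025</p>
+ <p>Verified by: LibVulnWatch Team</p>
+ </header>
+
+ <div class="risk-domain">
+ <h2>License Validation</h2>
+ <p>Risk Score: <span class="risk-score risk-low">2.5 / 10</span> (Low Risk)</p>
+
+ <h3>Key Findings</h3>
+ <ul>
+ <li>License Type: MIT License</li>
+ <li>License Compatibility: High - Compatible with most open source and commercial use</li>
+ <li>Patent Grants: Included, sufficient for most use cases</li>
+ <li>Attribution Requirements: Standard MIT attribution required</li>
+ </ul>
+
+ <h3>Analysis</h3>
+ <p>The MIT license is one of the most permissive and widely used open source licenses. It allows for commercial use, modification, distribution, and private use. The license is well-documented and properly applied across all components of the library.</p>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <p>No critical issues found. For maximum compliance:</p>
+ <ul>
+ <li>Maintain license attribution in all derivative works</li>
+ <li>Monitor 3rd party dependencies for license compatibility issues</li>
+ </ul>
+ </div>
+ </div>
+
+ <div class="risk-domain">
+ <h2>Security Assessment</h2>
+ <p>Risk Score: <span class="risk-score risk-medium">4.8 / 10</span> (Medium Risk)</p>
+
+ <h3>Identified Vulnerabilities</h3>
+ <table>
+ <tr>
+ <th>Vulnerability ID</th>
+ <th>Description</th>
+ <th>Severity</th>
+ <th>Status</th>
+ </tr>
+ <tr>
+ <td>CVE-2025-8901</td>
+ <td>Remote code execution via template injection in prompt templates</td>
+ <td>High</td>
+ <td>Patched in v0.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2025-9023</td>
+ <td>Information disclosure through cache storage</td>
+ <td>Medium</td>
+ <td>Patched in v0.1.1</td>
+ </tr>
+ <tr>
+ <td>LVW-LC-2025-003</td>
+ <td>Data leakage through debug logs</td>
+ <td>Low</td>
+ <td>Unresolved</td>
+ </tr>
+ </table>
+
+ <h3>Security Controls</h3>
+ <ul>
+ <li>Input validation: Partial implementation</li>
+ <li>Authentication controls: Limited</li>
+ <li>Sandboxing: Not implemented for all components</li>
+ <li>Sensitive data handling: Basic implementation</li>
+ </ul>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <ul>
+ <li>Upgrade to v0.1.1 or later to address known vulnerabilities</li>
+ <li>Implement stronger input validation for all prompt templates</li>
+ <li>Enable sandboxing for all chain executions</li>
+ <li>Review and improve logging practices to prevent data leakage</li>
+ </ul>
+ </div>
+ </div>
+
+ <div class="risk-domain">
+ <h2>Maintenance Health</h2>
+ <p>Risk Score: <span class="risk-score risk-low">1.2 / 10</span> (Low Risk)</p>
+
+ <h3>Key Metrics</h3>
+ <ul>
+ <li>Active Contributors: 42</li>
+ <li>Release Frequency: High (every 2-3 weeks)</li>
+ <li>Issue Response Time: 1.2 days (average)</li>
+ <li>Open vs. Closed Issues Ratio: 0.12 (healthy)</li>
+ <li>Test Coverage: 87%</li>
+ </ul>
+
+ <h3>Governance Model</h3>
+ <p>The project is maintained by LangChain AI with a well-structured governance model. The core team is actively involved and responsive. The project has a clear contribution guide and code of conduct.</p>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <p>The maintenance health is excellent. To maintain this standard:</p>
+ <ul>
+ <li>Continue regular security reviews</li>
+ <li>Maintain current level of test coverage</li>
+ <li>Consider formalizing the security response process</li>
+ </ul>
+ </div>
+ </div>
+
+ <div class="risk-domain">
+ <h2>Dependency Management</h2>
+ <p>Risk Score: <span class="risk-score risk-low">3.7 / 10</span> (Low-Medium Risk)</p>
+
+ <h3>Dependency Analysis</h3>
+ <ul>
+ <li>Direct Dependencies: 24</li>
+ <li>Transitive Dependencies: 78</li>
+ <li>Vulnerable Dependencies: 2</li>
+ <li>Outdated Dependencies: 5</li>
+ </ul>
+
+ <h3>Supply Chain Security</h3>
+ <p>The project uses package signing and dependency locking. However, not all dependencies have SBOM (Software Bill of Materials) available.</p>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <ul>
+ <li>Update the 5 outdated dependencies identified</li>
+ <li>Replace or patch the 2 vulnerable dependencies</li>
+ <li>Generate and publish SBOM for better supply chain transparency</li>
+ <li>Implement automated dependency scanning in CI/CD</li>
+ </ul>
+ </div>
+ </div>
+
+ <div class="risk-domain">
+ <h2>Regulatory Compliance</h2>
+ <p>Risk Score: <span class="risk-score risk-medium">5.2 / 10</span> (Medium Risk)</p>
+
+ <h3>Compliance Readiness</h3>
+ <table>
+ <tr>
+ <th>Regulation</th>
+ <th>Readiness Level</th>
+ <th>Key Gaps</th>
+ </tr>
+ <tr>
+ <td>GDPR</td>
+ <td>Medium</td>
+ <td>Data retention controls, right to be forgotten</td>
+ </tr>
+ <tr>
+ <td>CCPA</td>
+ <td>Medium</td>
+ <td>Data inventory mechanisms</td>
+ </tr>
+ <tr>
+ <td>AI Act (EU)</td>
+ <td>Low</td>
+ <td>Risk assessment, transparency documentation</td>
+ </tr>
+ </table>
+
+ <h3>Documentation Quality</h3>
+ <p>Documentation on regulatory aspects is present but not comprehensive. Data privacy features are documented at a basic level, but implementation details and guidance on regulatory compliance are limited.</p>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <ul>
+ <li>Develop detailed guidance for GDPR and CCPA compliance when using the library</li>
+ <li>Implement data retention controls and mechanisms for data deletion</li>
+ <li>Create AI Act compliance documentation templates</li>
+ <li>Enhance explainability features for high-risk use cases</li>
+ </ul>
+ </div>
+ </div>
+
+ <footer>
+ <p>© 2025 LibVulnWatch - This report reflects the state of the library at the time of assessment.</p>
+ <p>For questions or clarifications, contact: [email protected]</p>
+ </footer>
+ </body>
+ </html>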
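Review bot: This report presents itself as a verified assessment (`Verified by: LibVulnWatch Team`) and lists identifiers such as `CVE-2025-8901` and `CVE-2025-9023` in the findings table, yet the JSON that links to it is named `sample_assessment.json`, which suggests the content is illustrative. If so, a visible line in the `<header>` such as `<p><strong>Sample data - not a real assessment</strong></p>` would keep readers from acting on the findings or the "Patched in v0.1.1" status; the same applies to the AutoGen and PyTorch reports added in this commit. Separately, the file appears to be committed twice: here under `public/reports/` and again under `reports/` with the same `@@ -0,0 +1,248 @@` header (the second copy is cut off on this page). Since the new loop in app.py copies `reports/` into `public/reports/` at start-up, keeping only the `reports/` copy in the repository would stop the two from drifting apart.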
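--- a/public/reports/microsoft_autogen_v0.2.0.html
+++ b/public/reports/microsoft_autogen_v0.2.0.html
@@ -0,0 +1,341 @@
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>LibVulnWatch Report: Microsoft AutoGen v0.2.0</title>
+ <style>
+ body {
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+ line-height: 1.6;
+ color: #333;
+ max-width: 1200px;
+ margin: 0 auto;
+ padding: 20px;
+ }
+ header {
+ text-align: center;
+ margin-bottom: 30px;
+ background-color: #0078d4;
+ color: white;
+ padding: 20px;
+ border-radius: 8px;
+ }
+ h1, h2 {
+ color: #0078d4;
+ }
+ header h1, header h2 {
+ color: white;
+ }
+ .risk-domain {
+ margin-bottom: 40px;
+ border: 1px solid #ddd;
+ padding: 20px;
+ border-radius: 8px;
+ box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+ }
+ .risk-score {
+ font-size: 24px;
+ font-weight: bold;
+ }
+ .risk-low {
+ color: green;
+ }
+ .risk-medium {
+ color: orange;
+ }
+ .risk-high {
+ color: red;
+ }
+ table {
+ width: 100%;
+ border-collapse: collapse;
+ margin: 20px 0;
+ }
+ th, td {
+ border: 1px solid #ddd;
+ padding: 12px;
+ text-align: left;
+ }
+ th {
+ background-color: #f2f2f2;
+ }
+ .recommendation {
+ background-color: #f0f6ff;
+ padding: 15px;
+ border-left: 4px solid #0078d4;
+ margin: 20px 0;
+ }
+ .summary-chart {
+ display: flex;
+ justify-content: space-between;
+ margin: 20px 0;
+ }
+ .chart-bar {
+ height: 20px;
+ background: linear-gradient(to right, green, orange, red);
+ border-radius: 4px;
+ position: relative;
+ width: 100%;
+ }
+ .chart-marker {
+ position: absolute;
+ height: 30px;
+ width: 4px;
+ background-color: black;
+ top: -5px;
+ }
+ </style>
+ </head>
+ <body>
+ <header>
+ <h1>Vulnerability Assessment Report</h1>
+ <h2>Microsoft AutoGen v0.2.0</h2>
+ <p>Assessment Date: May 3, 2025</p>
+ <p>Assessment ID: ghi789</p>
+ </header>
+
+ <section>
+ <h2>Executive Summary</h2>
+ <p>Microsoft AutoGen is an agent framework that enables the development of LLM applications using multiple agents. The library demonstrates moderate risk overall, with specific concerns in security and regulatory compliance domains, while maintaining strong licensing practices.</p>
+
+ <div class="summary-chart">
+ <div style="width: 48%;">
+ <h3>Overall Risk: Medium (5.4/10)</h3>
+ <div class="chart-bar">
+ <div class="chart-marker" style="left: 54%;"></div>
+ </div>
+ <div style="display: flex; justify-content: space-between; margin-top: 5px;">
+ <span>Low Risk</span>
+ <span>Medium Risk</span>
+ <span>High Risk</span>
+ </div>
+ </div>
+ <div style="width: 48%;">
+ <table>
+ <tr>
+ <th>Risk Domain</th>
+ <th>Score</th>
+ <th>Level</th>
+ </tr>
+ <tr>
+ <td>License Validation</td>
+ <td>3.1/10</td>
+ <td class="risk-low">Low</td>
+ </tr>
+ <tr>
+ <td>Security Assessment</td>
+ <td>6.7/10</td>
+ <td class="risk-medium">Medium</td>
+ </tr>
+ <tr>
+ <td>Maintenance Health</td>
+ <td>2.8/10</td>
+ <td class="risk-low">Low</td>
+ </tr>
+ <tr>
+ <td>Dependency Management</td>
+ <td>5.5/10</td>
+ <td class="risk-medium">Medium</td>
+ </tr>
+ <tr>
+ <td>Regulatory Compliance</td>
+ <td>7.2/10</td>
+ <td class="risk-high">High</td>
+ </tr>
+ </table>
+ </div>
+ </div>
+ </section>
+
+ <div class="risk-domain">
+ <h2>License Validation</h2>
+ <p>Risk Score: <span class="risk-score risk-low">3.1 / 10</span> (Low Risk)</p>
+
+ <h3>Key Findings</h3>
+ <ul>
+ <li>License Type: MIT License</li>
+ <li>License Compatibility: High - Compatible with most open source and commercial use</li>
+ <li>Patent Provisions: Standard MIT terms</li>
+ <li>Attribution Requirements: Standard attribution notice required</li>
+ </ul>
+
+ <h3>Analysis</h3>
+ <p>Microsoft AutoGen uses the MIT license consistently across its codebase. The license is well-documented and centrally located. All source files contain appropriate copyright notices.</p>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <ul>
+ <li>Maintain clear attribution requirements in documentation</li>
+ <li>Consider adding a NOTICE file listing all third-party components and their licenses</li>
+ </ul>
+ </div>
+ </div>
+
+ <div class="risk-domain">
+ <h2>Security Assessment</h2>
+ <p>Risk Score: <span class="risk-score risk-medium">6.7 / 10</span> (Medium Risk)</p>
+
+ <h3>Identified Vulnerabilities</h3>
+ <table>
+ <tr>
+ <th>Vulnerability ID</th>
+ <th>Description</th>
+ <th>Severity</th>
+ <th>Status</th>
+ </tr>
+ <tr>
+ <td>LVW-AG-2025-001</td>
+ <td>Code injection via unvalidated message inputs</td>
+ <td>High</td>
+ <td>Unresolved</td>
+ </tr>
+ <tr>
+ <td>LVW-AG-2025-002</td>
+ <td>Agent termination denial of service</td>
+ <td>Medium</td>
+ <td>Partial mitigation</td>
+ </tr>
+ <tr>
+ <td>LVW-AG-2025-003</td>
+ <td>Information disclosure through agent memory logs</td>
+ <td>Medium</td>
+ <td>Unresolved</td>
+ </tr>
+ <tr>
+ <td>LVW-AG-2025-004</td>
+ <td>Prompt injection in agent-to-agent communication</td>
+ <td>High</td>
+ <td>Unresolved</td>
+ </tr>
+ <tr>
+ <td>LVW-AG-2025-005</td>
+ <td>Insecure default configurations</td>
+ <td>Medium</td>
+ <td>Unresolved</td>
+ </tr>
+ </table>
+
+ <h3>Security Controls</h3>
+ <ul>
+ <li>Input validation: Limited implementation</li>
+ <li>Authentication controls: Basic</li>
+ <li>Sandboxing: Partial implementation</li>
+ <li>Rate limiting: Implemented</li>
+ <li>Output filtering: Not implemented</li>
+ </ul>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <ul>
+ <li>Implement comprehensive input validation for all agent communication</li>
+ <li>Add output filtering to prevent potential information leakage</li>
+ <li>Improve sandboxing for code execution capabilities</li>
+ <li>Create secure default configurations</li>
+ <li>Implement a formal security review process for new features</li>
+ </ul>
+ </div>
+ </div>
+
+ <div class="risk-domain">
+ <h2>Maintenance Health</h2>
+ <p>Risk Score: <span class="risk-score risk-low">2.8 / 10</span> (Low Risk)</p>
+
+ <h3>Key Metrics</h3>
+ <ul>
+ <li>Active Contributors: 28</li>
+ <li>Release Frequency: High (every 3-4 weeks)</li>
+ <li>Issue Response Time: 1.8 days (average)</li>
+ <li>Open vs. Closed Issues Ratio: 0.22 (healthy)</li>
+ <li>Test Coverage: 78%</li>
+ </ul>
+
+ <h3>Governance Model</h3>
+ <p>The project is maintained by Microsoft with a clear governance structure. The core team is actively involved in development, and Microsoft provides dedicated resources to ensure the project's sustainability.</p>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <ul>
+ <li>Increase test coverage to at least 85%</li>
+ <li>Formalize the security vulnerability reporting and response process</li>
+ <li>Establish clearer guidelines for community contributions</li>
+ </ul>
+ </div>
+ </div>
+
+ <div class="risk-domain">
+ <h2>Dependency Management</h2>
+ <p>Risk Score: <span class="risk-score risk-medium">5.5 / 10</span> (Medium Risk)</p>
+
+ <h3>Dependency Analysis</h3>
+ <ul>
+ <li>Direct Dependencies: 18</li>
+ <li>Transitive Dependencies: 42</li>
+ <li>Vulnerable Dependencies: 4</li>
+ <li>Outdated Dependencies: 7</li>
+ </ul>
+
+ <h3>Supply Chain Security</h3>
+ <p>The project lacks comprehensive dependency scanning in CI/CD pipelines. No formal Software Bill of Materials (SBOM) is available, making it difficult to track transitive dependencies.</p>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <ul>
+ <li>Update or replace the 4 vulnerable dependencies</li>
+ <li>Implement automated dependency scanning in CI/CD</li>
+ <li>Generate and publish SBOM with each release</li>
+ <li>Add dependency pinning for all production dependencies</li>
+ <li>Establish a dependency update policy</li>
+ </ul>
+ </div>
+ </div>
+
+ <div class="risk-domain">
+ <h2>Regulatory Compliance</h2>
+ <p>Risk Score: <span class="risk-score risk-high">7.2 / 10</span> (High Risk)</p>
+
+ <h3>Compliance Readiness</h3>
+ <table>
+ <tr>
+ <th>Regulation</th>
+ <th>Readiness Level</th>
+ <th>Key Gaps</th>
+ </tr>
+ <tr>
+ <td>GDPR</td>
+ <td>Low</td>
+ <td>Data minimization, storage limitations, processing logs</td>
+ </tr>
+ <tr>
+ <td>CCPA</td>
+ <td>Low</td>
+ <td>User data tracking, deletion mechanisms</td>
+ </tr>
+ <tr>
+ <td>AI Act (EU)</td>
+ <td>Very Low</td>
+ <td>Risk categorization, transparency documentation, human oversight features</td>
+ </tr>
+ </table>
+
+ <h3>Documentation Quality</h3>
+ <p>Documentation is minimal regarding regulatory and compliance considerations. No guidance is provided for deploying the library in regulated environments or for ensuring compliance with relevant legal frameworks.</p>
+
+ <div class="recommendation">
+ <h3>Recommendations</h3>
+ <ul>
+ <li>Develop comprehensive compliance documentation for high-risk applications</li>
+ <li>Implement features to support GDPR compliance (data minimization, deletion)</li>
+ <li>Create audit logging capabilities for agent actions</li>
+ <li>Add transparency tools for monitoring and explaining agent decisions</li>
+ <li>Develop implementation guidance for regulated industries</li>
+ </ul>
+ </div>
+ </div>
+
+ <footer>
+ <p>© 2025 LibVulnWatch - This report reflects the state of the library at the time of assessment.</p>
+ <p>For questions or clarifications, contact: [email protected]</p>
+ </footer>
+ </body>
+ </html>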
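--- a/public/reports/pytorch_pytorch_v2.1.0.md
+++ b/public/reports/pytorch_pytorch_v2.1.0.md
@@ -0,0 +1,133 @@
+ # Vulnerability Assessment Report: PyTorch v2.1.0
+
+ **Report Date:** May 2, 2025
+ **Assessment ID:** def456
+
+ ## Executive Summary
+
+ PyTorch v2.1.0 demonstrates strong security practices with a few areas for improvement. The library has **low overall risk (2.7/10)** with particularly strong maintenance and licensing practices. Primary concerns are in dependency management and a few pending security issues.
+
+ ### Risk Score Breakdown
+
+ | Risk Domain | Score | Risk Level |
+ | --------------------- | ------ | ---------- |
+ | License Validation | 1.8/10 | Low |
+ | Security Assessment | 3.2/10 | Low-Medium |
+ | Maintenance Health | 2.0/10 | Low |
+ | Dependency Management | 2.5/10 | Low |
+ | Regulatory Compliance | 4.1/10 | Medium |
+
+ ## 1. License Validation
+
+ **Score: 1.8/10 (Low Risk)**
+
+ PyTorch is licensed under the BSD-3-Clause license, which is permissive and compatible with most commercial and open-source applications. The license is properly applied across all repository components with clear attribution guidelines.
+
+ ### Key Findings:
+
+ - License type: BSD-3-Clause
+ - Patent protection: Present and adequate
+ - License compliance: High (proper notices in all files)
+ - License compatibility: High with most ecosystems
+
+ ### Recommendations:
+
+ - Continue maintaining clear license documentation
+ - Consider providing guidance on license compliance for extensions and derivatives
+
+ ## 2. Security Assessment
+
+ **Score: 3.2/10 (Low-Medium Risk)**
+
+ PyTorch exhibits good security practices with a few areas of concern. The security team is responsive, and vulnerabilities are addressed promptly.
+
+ ### Identified Vulnerabilities:
+
+ - CVE-2025-7712: Memory corruption in C++ extensions (Patched)
+ - CVE-2025-7713: Incorrect validation in serialization routines (Patched)
+
+ ### Security Controls:
+
+ - Input validation: Well-implemented
+ - Memory safety controls: Strong
+ - Code signing: Present
+ - Dependency validation: Present but not comprehensive
+
+ ### Recommendations:
+
+ - Enhance serialization validation for untrusted inputs
+ - Implement more rigorous fuzzing in the CI pipeline
+ - Further improve CUDA extension memory safety checks
+
+ ## 3. Maintenance Health
+
+ **Score: 2.0/10 (Low Risk)**
+
+ PyTorch demonstrates excellent maintenance practices with a large active community and regular release cadence.
+
+ ### Key Metrics:
+
+ - 156 active contributors in the last 6 months
+ - Average PR review time: 2.5 days
+ - Release frequency: Every 4-6 weeks
+ - Test coverage: 92%
+ - Issue response time: Medium (3.2 days average)
+
+ ### Recommendations:
+
+ - Continue the current maintenance practices
+ - Consider improving documentation for new contributors
+
+ ## 4. Dependency Management
+
+ **Score: 2.5/10 (Low Risk)**
+
+ PyTorch has a well-managed dependency tree with minimal vulnerable components.
+
+ ### Key Findings:
+
+ - Direct dependencies: 18
+ - Transitive dependencies: 42
+ - Vulnerable dependencies: 1 (low severity)
+ - SBOM available: Yes
+ - Dependency update process: Well-documented
+
+ ### Recommendations:
+
+ - Update the identified vulnerable dependency
+ - Implement automated dependency scanning in nightly builds
+
+ ## 5. Regulatory Compliance
+
+ **Score: 4.1/10 (Medium Risk)**
+
+ PyTorch provides basic documentation for regulatory considerations but could improve its guidance for compliance-sensitive deployments.
+
+ ### Key Compliance Areas:
+
+ - AI/ML regulatory frameworks: Basic documentation
+ - Data protection features: Limited
+ - Model transparency tools: Good implementation
+ - Audit capabilities: Limited
+
+ ### Recommendations:
+
+ - Enhance documentation specific to EU AI Act compliance
+ - Provide better guidance on implementing data minimization
+ - Develop tools for model explanations in compliance-sensitive contexts
+
+ ---
+
+ ## Appendix: Assessment Methodology
+
+ This assessment was conducted using the LibVulnWatch methodology, which includes:
+
+ - Static code analysis
+ - Dependency scanning
+ - License validation
+ - Maintenance metrics analysis
+ - Expert review of security controls
+
+ For questions about this report, contact [email protected].
+
+ © 2025 LibVulnWatch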
reports/langchain-ai_langchain_v0.1.0.html ADDED
@@ -0,0 +1,248 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>LibVulnWatch Report: LangChain v0.1.0</title>
7
+ <style>
8
+ body {
9
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
10
+ line-height: 1.6;
11
+ color: #333;
12
+ max-width: 1200px;
13
+ margin: 0 auto;
14
+ padding: 20px;
15
+ }
16
+ header {
17
+ text-align: center;
18
+ margin-bottom: 30px;
19
+ }
20
+ h1 {
21
+ color: #1a73e8;
22
+ }
23
+ .risk-domain {
24
+ margin-bottom: 40px;
25
+ border: 1px solid #ddd;
26
+ padding: 20px;
27
+ border-radius: 8px;
28
+ box-shadow: 0 2px 4px rgba(0,0,0,0.1);
29
+ }
30
+ .risk-score {
31
+ font-size: 24px;
32
+ font-weight: bold;
33
+ }
34
+ .risk-low {
35
+ color: green;
36
+ }
37
+ .risk-medium {
38
+ color: orange;
39
+ }
40
+ .risk-high {
41
+ color: red;
42
+ }
43
+ table {
44
+ width: 100%;
45
+ border-collapse: collapse;
46
+ margin: 20px 0;
47
+ }
48
+ th, td {
49
+ border: 1px solid #ddd;
50
+ padding: 12px;
51
+ text-align: left;
52
+ }
53
+ th {
54
+ background-color: #f2f2f2;
55
+ }
56
+ .recommendation {
57
+ background-color: #f8f9fa;
58
+ padding: 15px;
59
+ border-left: 4px solid #1a73e8;
60
+ margin: 20px 0;
61
+ }
62
+ </style>
63
+ </head>
64
+ <body>
65
+ <header>
66
+ <h1>Vulnerability Assessment Report</h1>
67
+ <h2>LangChain v0.1.0</h2>
68
+ <p>Assessment Date: May 1, 2025</p>
69
+ <p>Verified by: LibVulnWatch Team</p>
70
+ </header>
71
+
72
+ <div class="risk-domain">
73
+ <h2>License Validation</h2>
74
+ <p>Risk Score: <span class="risk-score risk-low">2.5 / 10</span> (Low Risk)</p>
75
+
76
+ <h3>Key Findings</h3>
77
+ <ul>
78
+ <li>License Type: MIT License</li>
79
+ <li>License Compatibility: High - Compatible with most open source and commercial use</li>
80
+ <li>Patent Grants: Included, sufficient for most use cases</li>
81
+ <li>Attribution Requirements: Standard MIT attribution required</li>
82
+ </ul>
83
+
84
+ <h3>Analysis</h3>
85
+ <p>The MIT license is one of the most permissive and widely used open source licenses. It allows for commercial use, modification, distribution, and private use. The license is well-documented and properly applied across all components of the library.</p>
86
+
87
+ <div class="recommendation">
88
+ <h3>Recommendations</h3>
89
+ <p>No critical issues found. For maximum compliance:</p>
90
+ <ul>
91
+ <li>Maintain license attribution in all derivative works</li>
92
+ <li>Monitor 3rd party dependencies for license compatibility issues</li>
93
+ </ul>
94
+ </div>
95
+ </div>
96
+
97
+ <div class="risk-domain">
98
+ <h2>Security Assessment</h2>
99
+ <p>Risk Score: <span class="risk-score risk-medium">4.8 / 10</span> (Medium Risk)</p>
100
+
101
+ <h3>Identified Vulnerabilities</h3>
102
+ <table>
103
+ <tr>
104
+ <th>Vulnerability ID</th>
105
+ <th>Description</th>
106
+ <th>Severity</th>
107
+ <th>Status</th>
108
+ </tr>
109
+ <tr>
110
+ <td>CVE-2025-8901</td>
111
+ <td>Remote code execution via template injection in prompt templates</td>
112
+ <td>High</td>
113
+ <td>Patched in v0.1.1</td>
114
+ </tr>
115
+ <tr>
116
+ <td>CVE-2025-9023</td>
117
+ <td>Information disclosure through cache storage</td>
118
+ <td>Medium</td>
119
+ <td>Patched in v0.1.1</td>
120
+ </tr>
121
+ <tr>
122
+ <td>LVW-LC-2025-003</td>
123
+ <td>Data leakage through debug logs</td>
124
+ <td>Low</td>
125
+ <td>Unresolved</td>
126
+ </tr>
127
+ </table>
128
+
129
+ <h3>Security Controls</h3>
130
+ <ul>
131
+ <li>Input validation: Partial implementation</li>
132
+ <li>Authentication controls: Limited</li>
133
+ <li>Sandboxing: Not implemented for all components</li>
134
+ <li>Sensitive data handling: Basic implementation</li>
135
+ </ul>
136
+
137
+ <div class="recommendation">
138
+ <h3>Recommendations</h3>
139
+ <ul>
140
+ <li>Upgrade to v0.1.1 or later to address known vulnerabilities</li>
141
+ <li>Implement stronger input validation for all prompt templates</li>
142
+ <li>Enable sandboxing for all chain executions</li>
143
+ <li>Review and improve logging practices to prevent data leakage</li>
144
+ </ul>
145
+ </div>
146
+ </div>
147
+
148
+ <div class="risk-domain">
149
+ <h2>Maintenance Health</h2>
150
+ <p>Risk Score: <span class="risk-score risk-low">1.2 / 10</span> (Low Risk)</p>
151
+
152
+ <h3>Key Metrics</h3>
153
+ <ul>
154
+ <li>Active Contributors: 42</li>
155
+ <li>Release Frequency: High (every 2-3 weeks)</li>
156
+ <li>Issue Response Time: 1.2 days (average)</li>
157
+ <li>Open vs. Closed Issues Ratio: 0.12 (healthy)</li>
158
+ <li>Test Coverage: 87%</li>
159
+ </ul>
160
+
161
+ <h3>Governance Model</h3>
162
+ <p>The project is maintained by LangChain AI with a well-structured governance model. The core team is actively involved and responsive. The project has a clear contribution guide and code of conduct.</p>
163
+
164
+ <div class="recommendation">
165
+ <h3>Recommendations</h3>
166
+ <p>The maintenance health is excellent. To maintain this standard:</p>
167
+ <ul>
168
+ <li>Continue regular security reviews</li>
169
+ <li>Maintain current level of test coverage</li>
170
+ <li>Consider formalizing the security response process</li>
171
+ </ul>
172
+ </div>
173
+ </div>
174
+
175
+ <div class="risk-domain">
176
+ <h2>Dependency Management</h2>
177
+ <p>Risk Score: <span class="risk-score risk-low">3.7 / 10</span> (Low-Medium Risk)</p>
178
+
179
+ <h3>Dependency Analysis</h3>
180
+ <ul>
181
+ <li>Direct Dependencies: 24</li>
182
+ <li>Transitive Dependencies: 78</li>
183
+ <li>Vulnerable Dependencies: 2</li>
184
+ <li>Outdated Dependencies: 5</li>
185
+ </ul>
186
+
187
+ <h3>Supply Chain Security</h3>
188
+ <p>The project uses package signing and dependency locking. However, not all dependencies have SBOM (Software Bill of Materials) available.</p>
189
+
190
+ <div class="recommendation">
191
+ <h3>Recommendations</h3>
192
+ <ul>
193
+ <li>Update the 5 outdated dependencies identified</li>
194
+ <li>Replace or patch the 2 vulnerable dependencies</li>
195
+ <li>Generate and publish SBOM for better supply chain transparency</li>
196
+ <li>Implement automated dependency scanning in CI/CD</li>
197
+ </ul>
198
+ </div>
199
+ </div>
200
+
201
+ <div class="risk-domain">
202
+ <h2>Regulatory Compliance</h2>
203
+ <p>Risk Score: <span class="risk-score risk-medium">5.2 / 10</span> (Medium Risk)</p>
204
+
205
+ <h3>Compliance Readiness</h3>
206
+ <table>
207
+ <tr>
208
+ <th>Regulation</th>
209
+ <th>Readiness Level</th>
210
+ <th>Key Gaps</th>
211
+ </tr>
212
+ <tr>
213
+ <td>GDPR</td>
214
+ <td>Medium</td>
215
+ <td>Data retention controls, right to be forgotten</td>
216
+ </tr>
217
+ <tr>
218
+ <td>CCPA</td>
219
+ <td>Medium</td>
220
+ <td>Data inventory mechanisms</td>
221
+ </tr>
222
+ <tr>
223
+ <td>AI Act (EU)</td>
224
+ <td>Low</td>
225
+ <td>Risk assessment, transparency documentation</td>
226
+ </tr>
227
+ </table>
228
+
229
+ <h3>Documentation Quality</h3>
230
+ <p>Documentation on regulatory aspects is present but not comprehensive. Data privacy features are documented at a basic level, but implementation details and guidance on regulatory compliance are limited.</p>
231
+
232
+ <div class="recommendation">
233
+ <h3>Recommendations</h3>
234
+ <ul>
235
+ <li>Develop detailed guidance for GDPR and CCPA compliance when using the library</li>
236
+ <li>Implement data retention controls and mechanisms for data deletion</li>
237
+ <li>Create AI Act compliance documentation templates</li>
238
+ <li>Enhance explainability features for high-risk use cases</li>
239
+ </ul>
240
+ </div>
241
+ </div>
242
+
243
+ <footer>
244
+ <p>© 2025 LibVulnWatch - This report reflects the state of the library at the time of assessment.</p>
245
+ <p>For questions or clarifications, contact: [email protected]</p>
246
+ </footer>
247
+ </body>
248
+ </html>
reports/microsoft_autogen_v0.2.0.html ADDED
@@ -0,0 +1,341 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>LibVulnWatch Report: Microsoft AutoGen v0.2.0</title>
7
+ <style>
8
+ body {
9
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
10
+ line-height: 1.6;
11
+ color: #333;
12
+ max-width: 1200px;
13
+ margin: 0 auto;
14
+ padding: 20px;
15
+ }
16
+ header {
17
+ text-align: center;
18
+ margin-bottom: 30px;
19
+ background-color: #0078d4;
20
+ color: white;
21
+ padding: 20px;
22
+ border-radius: 8px;
23
+ }
24
+ h1, h2 {
25
+ color: #0078d4;
26
+ }
27
+ header h1, header h2 {
28
+ color: white;
29
+ }
30
+ .risk-domain {
31
+ margin-bottom: 40px;
32
+ border: 1px solid #ddd;
33
+ padding: 20px;
34
+ border-radius: 8px;
35
+ box-shadow: 0 2px 4px rgba(0,0,0,0.1);
36
+ }
37
+ .risk-score {
38
+ font-size: 24px;
39
+ font-weight: bold;
40
+ }
41
+ .risk-low {
42
+ color: green;
43
+ }
44
+ .risk-medium {
45
+ color: orange;
46
+ }
47
+ .risk-high {
48
+ color: red;
49
+ }
50
+ table {
51
+ width: 100%;
52
+ border-collapse: collapse;
53
+ margin: 20px 0;
54
+ }
55
+ th, td {
56
+ border: 1px solid #ddd;
57
+ padding: 12px;
58
+ text-align: left;
59
+ }
60
+ th {
61
+ background-color: #f2f2f2;
62
+ }
63
+ .recommendation {
64
+ background-color: #f0f6ff;
65
+ padding: 15px;
66
+ border-left: 4px solid #0078d4;
67
+ margin: 20px 0;
68
+ }
69
+ .summary-chart {
70
+ display: flex;
71
+ justify-content: space-between;
72
+ margin: 20px 0;
73
+ }
74
+ .chart-bar {
75
+ height: 20px;
76
+ background: linear-gradient(to right, green, orange, red);
77
+ border-radius: 4px;
78
+ position: relative;
79
+ width: 100%;
80
+ }
81
+ .chart-marker {
82
+ position: absolute;
83
+ height: 30px;
84
+ width: 4px;
85
+ background-color: black;
86
+ top: -5px;
87
+ }
88
+ </style>
89
+ </head>
90
+ <body>
91
+ <header>
92
+ <h1>Vulnerability Assessment Report</h1>
93
+ <h2>Microsoft AutoGen v0.2.0</h2>
94
+ <p>Assessment Date: May 3, 2025</p>
95
+ <p>Assessment ID: ghi789</p>
96
+ </header>
97
+
98
+ <section>
99
+ <h2>Executive Summary</h2>
100
+ <p>Microsoft AutoGen is an agent framework that enables the development of LLM applications using multiple agents. The library demonstrates moderate risk overall, with specific concerns in security and regulatory compliance domains, while maintaining strong licensing practices.</p>
101
+
102
+ <div class="summary-chart">
103
+ <div style="width: 48%;">
104
+ <h3>Overall Risk: Medium (5.4/10)</h3>
105
+ <div class="chart-bar">
106
+ <div class="chart-marker" style="left: 54%;"></div>
107
+ </div>
108
+ <div style="display: flex; justify-content: space-between; margin-top: 5px;">
109
+ <span>Low Risk</span>
110
+ <span>Medium Risk</span>
111
+ <span>High Risk</span>
112
+ </div>
113
+ </div>
114
+ <div style="width: 48%;">
115
+ <table>
116
+ <tr>
117
+ <th>Risk Domain</th>
118
+ <th>Score</th>
119
+ <th>Level</th>
120
+ </tr>
121
+ <tr>
122
+ <td>License Validation</td>
123
+ <td>3.1/10</td>
124
+ <td class="risk-low">Low</td>
125
+ </tr>
126
+ <tr>
127
+ <td>Security Assessment</td>
128
+ <td>6.7/10</td>
129
+ <td class="risk-medium">Medium</td>
130
+ </tr>
131
+ <tr>
132
+ <td>Maintenance Health</td>
133
+ <td>2.8/10</td>
134
+ <td class="risk-low">Low</td>
135
+ </tr>
136
+ <tr>
137
+ <td>Dependency Management</td>
138
+ <td>5.5/10</td>
139
+ <td class="risk-medium">Medium</td>
140
+ </tr>
141
+ <tr>
142
+ <td>Regulatory Compliance</td>
143
+ <td>7.2/10</td>
144
+ <td class="risk-high">High</td>
145
+ </tr>
146
+ </table>
147
+ </div>
148
+ </div>
149
+ </section>
150
+
151
+ <div class="risk-domain">
152
+ <h2>License Validation</h2>
153
+ <p>Risk Score: <span class="risk-score risk-low">3.1 / 10</span> (Low Risk)</p>
154
+
155
+ <h3>Key Findings</h3>
156
+ <ul>
157
+ <li>License Type: MIT License</li>
158
+ <li>License Compatibility: High - Compatible with most open source and commercial use</li>
159
+ <li>Patent Provisions: Standard MIT terms</li>
160
+ <li>Attribution Requirements: Standard attribution notice required</li>
161
+ </ul>
162
+
163
+ <h3>Analysis</h3>
164
+ <p>Microsoft AutoGen uses the MIT license consistently across its codebase. The license is well-documented and centrally located. All source files contain appropriate copyright notices.</p>
165
+
166
+ <div class="recommendation">
167
+ <h3>Recommendations</h3>
168
+ <ul>
169
+ <li>Maintain clear attribution requirements in documentation</li>
170
+ <li>Consider adding a NOTICE file listing all third-party components and their licenses</li>
171
+ </ul>
172
+ </div>
173
+ </div>
174
+
175
+ <div class="risk-domain">
176
+ <h2>Security Assessment</h2>
177
+ <p>Risk Score: <span class="risk-score risk-medium">6.7 / 10</span> (Medium Risk)</p>
178
+
179
+ <h3>Identified Vulnerabilities</h3>
180
+ <table>
181
+ <tr>
182
+ <th>Vulnerability ID</th>
183
+ <th>Description</th>
184
+ <th>Severity</th>
185
+ <th>Status</th>
186
+ </tr>
187
+ <tr>
188
+ <td>LVW-AG-2025-001</td>
189
+ <td>Code injection via unvalidated message inputs</td>
190
+ <td>High</td>
191
+ <td>Unresolved</td>
192
+ </tr>
193
+ <tr>
194
+ <td>LVW-AG-2025-002</td>
195
+ <td>Agent termination denial of service</td>
196
+ <td>Medium</td>
197
+ <td>Partial mitigation</td>
198
+ </tr>
199
+ <tr>
200
+ <td>LVW-AG-2025-003</td>
201
+ <td>Information disclosure through agent memory logs</td>
202
+ <td>Medium</td>
203
+ <td>Unresolved</td>
204
+ </tr>
205
+ <tr>
206
+ <td>LVW-AG-2025-004</td>
207
+ <td>Prompt injection in agent-to-agent communication</td>
208
+ <td>High</td>
209
+ <td>Unresolved</td>
210
+ </tr>
211
+ <tr>
212
+ <td>LVW-AG-2025-005</td>
213
+ <td>Insecure default configurations</td>
214
+ <td>Medium</td>
215
+ <td>Unresolved</td>
216
+ </tr>
217
+ </table>
218
+
219
+ <h3>Security Controls</h3>
220
+ <ul>
221
+ <li>Input validation: Limited implementation</li>
222
+ <li>Authentication controls: Basic</li>
223
+ <li>Sandboxing: Partial implementation</li>
224
+ <li>Rate limiting: Implemented</li>
225
+ <li>Output filtering: Not implemented</li>
226
+ </ul>
227
+
228
+ <div class="recommendation">
229
+ <h3>Recommendations</h3>
230
+ <ul>
231
+ <li>Implement comprehensive input validation for all agent communication</li>
232
+ <li>Add output filtering to prevent potential information leakage</li>
233
+ <li>Improve sandboxing for code execution capabilities</li>
234
+ <li>Create secure default configurations</li>
235
+ <li>Implement a formal security review process for new features</li>
236
+ </ul>
237
+ </div>
238
+ </div>
239
+
240
+ <div class="risk-domain">
241
+ <h2>Maintenance Health</h2>
242
+ <p>Risk Score: <span class="risk-score risk-low">2.8 / 10</span> (Low Risk)</p>
243
+
244
+ <h3>Key Metrics</h3>
245
+ <ul>
246
+ <li>Active Contributors: 28</li>
247
+ <li>Release Frequency: High (every 3-4 weeks)</li>
248
+ <li>Issue Response Time: 1.8 days (average)</li>
249
+ <li>Open vs. Closed Issues Ratio: 0.22 (healthy)</li>
250
+ <li>Test Coverage: 78%</li>
251
+ </ul>
252
+
253
+ <h3>Governance Model</h3>
254
+ <p>The project is maintained by Microsoft with a clear governance structure. The core team is actively involved in development, and Microsoft provides dedicated resources to ensure the project's sustainability.</p>
255
+
256
+ <div class="recommendation">
257
+ <h3>Recommendations</h3>
258
+ <ul>
259
+ <li>Increase test coverage to at least 85%</li>
260
+ <li>Formalize the security vulnerability reporting and response process</li>
261
+ <li>Establish clearer guidelines for community contributions</li>
262
+ </ul>
263
+ </div>
264
+ </div>
265
+
266
+ <div class="risk-domain">
267
+ <h2>Dependency Management</h2>
268
+ <p>Risk Score: <span class="risk-score risk-medium">5.5 / 10</span> (Medium Risk)</p>
269
+
270
+ <h3>Dependency Analysis</h3>
271
+ <ul>
272
+ <li>Direct Dependencies: 18</li>
273
+ <li>Transitive Dependencies: 42</li>
274
+ <li>Vulnerable Dependencies: 4</li>
275
+ <li>Outdated Dependencies: 7</li>
276
+ </ul>
277
+
278
+ <h3>Supply Chain Security</h3>
279
+ <p>The project lacks comprehensive dependency scanning in CI/CD pipelines. No formal Software Bill of Materials (SBOM) is available, making it difficult to track transitive dependencies.</p>
280
+
281
+ <div class="recommendation">
282
+ <h3>Recommendations</h3>
283
+ <ul>
284
+ <li>Update or replace the 4 vulnerable dependencies</li>
285
+ <li>Implement automated dependency scanning in CI/CD</li>
286
+ <li>Generate and publish SBOM with each release</li>
287
+ <li>Add dependency pinning for all production dependencies</li>
288
+ <li>Establish a dependency update policy</li>
289
+ </ul>
290
+ </div>
291
+ </div>
292
+
293
+ <div class="risk-domain">
294
+ <h2>Regulatory Compliance</h2>
295
+ <p>Risk Score: <span class="risk-score risk-high">7.2 / 10</span> (High Risk)</p>
296
+
297
+ <h3>Compliance Readiness</h3>
298
+ <table>
299
+ <tr>
300
+ <th>Regulation</th>
301
+ <th>Readiness Level</th>
302
+ <th>Key Gaps</th>
303
+ </tr>
304
+ <tr>
305
+ <td>GDPR</td>
306
+ <td>Low</td>
307
+ <td>Data minimization, storage limitations, processing logs</td>
308
+ </tr>
309
+ <tr>
310
+ <td>CCPA</td>
311
+ <td>Low</td>
312
+ <td>User data tracking, deletion mechanisms</td>
313
+ </tr>
314
+ <tr>
315
+ <td>AI Act (EU)</td>
316
+ <td>Very Low</td>
317
+ <td>Risk categorization, transparency documentation, human oversight features</td>
318
+ </tr>
319
+ </table>
320
+
321
+ <h3>Documentation Quality</h3>
322
+ <p>Documentation is minimal regarding regulatory and compliance considerations. No guidance is provided for deploying the library in regulated environments or for ensuring compliance with relevant legal frameworks.</p>
323
+
324
+ <div class="recommendation">
325
+ <h3>Recommendations</h3>
326
+ <ul>
327
+ <li>Develop comprehensive compliance documentation for high-risk applications</li>
328
+ <li>Implement features to support GDPR compliance (data minimization, deletion)</li>
329
+ <li>Create audit logging capabilities for agent actions</li>
330
+ <li>Add transparency tools for monitoring and explaining agent decisions</li>
331
+ <li>Develop implementation guidance for regulated industries</li>
332
+ </ul>
333
+ </div>
334
+ </div>
335
+
336
+ <footer>
337
+ <p>© 2025 LibVulnWatch - This report reflects the state of the library at the time of assessment.</p>
338
+ <p>For questions or clarifications, contact: [email protected]</p>
339
+ </footer>
340
+ </body>
341
+ </html>
reports/pytorch_pytorch_v2.1.0.md ADDED
@@ -0,0 +1,133 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # Vulnerability Assessment Report: PyTorch v2.1.0
2
+
3
+ **Report Date:** May 2, 2025
4
+ **Assessment ID:** def456
5
+
6
+ ## Executive Summary
7
+
8
+ PyTorch v2.1.0 demonstrates strong security practices with a few areas for improvement. The library has **low overall risk (2.7/10)** with particularly strong maintenance and licensing practices. Primary concerns are in dependency management and a few pending security issues.
9
+
10
+ ### Risk Score Breakdown
11
+
12
+ | Risk Domain | Score | Risk Level |
13
+ | --------------------- | ------ | ---------- |
14
+ | License Validation | 1.8/10 | Low |
15
+ | Security Assessment | 3.2/10 | Low-Medium |
16
+ | Maintenance Health | 2.0/10 | Low |
17
+ | Dependency Management | 2.5/10 | Low |
18
+ | Regulatory Compliance | 4.1/10 | Medium |
19
+
20
+ ## 1. License Validation
21
+
22
+ **Score: 1.8/10 (Low Risk)**
23
+
24
+ PyTorch is licensed under the BSD-3-Clause license, which is permissive and compatible with most commercial and open-source applications. The license is properly applied across all repository components with clear attribution guidelines.
25
+
26
+ ### Key Findings:
27
+
28
+ - License type: BSD-3-Clause
29
+ - Patent protection: Present and adequate
30
+ - License compliance: High (proper notices in all files)
31
+ - License compatibility: High with most ecosystems
32
+
33
+ ### Recommendations:
34
+
35
+ - Continue maintaining clear license documentation
36
+ - Consider providing guidance on license compliance for extensions and derivatives
37
+
38
+ ## 2. Security Assessment
39
+
40
+ **Score: 3.2/10 (Low-Medium Risk)**
41
+
42
+ PyTorch exhibits good security practices with a few areas of concern. The security team is responsive, and vulnerabilities are addressed promptly.
43
+
44
+ ### Identified Vulnerabilities:
45
+
46
+ - CVE-2025-7712: Memory corruption in C++ extensions (Patched)
47
+ - CVE-2025-7713: Incorrect validation in serialization routines (Patched)
48
+
49
+ ### Security Controls:
50
+
51
+ - Input validation: Well-implemented
52
+ - Memory safety controls: Strong
53
+ - Code signing: Present
54
+ - Dependency validation: Present but not comprehensive
55
+
56
+ ### Recommendations:
57
+
58
+ - Enhance serialization validation for untrusted inputs
59
+ - Implement more rigorous fuzzing in the CI pipeline
60
+ - Further improve CUDA extension memory safety checks
61
+
62
+ ## 3. Maintenance Health
63
+
64
+ **Score: 2.0/10 (Low Risk)**
65
+
66
+ PyTorch demonstrates excellent maintenance practices with a large active community and regular release cadence.
67
+
68
+ ### Key Metrics:
69
+
70
+ - 156 active contributors in the last 6 months
71
+ - Average PR review time: 2.5 days
72
+ - Release frequency: Every 4-6 weeks
73
+ - Test coverage: 92%
74
+ - Issue response time: Medium (3.2 days average)
75
+
76
+ ### Recommendations:
77
+
78
+ - Continue the current maintenance practices
79
+ - Consider improving documentation for new contributors
80
+
81
+ ## 4. Dependency Management
82
+
83
+ **Score: 2.5/10 (Low Risk)**
84
+
85
+ PyTorch has a well-managed dependency tree with minimal vulnerable components.
86
+
87
+ ### Key Findings:
88
+
89
+ - Direct dependencies: 18
90
+ - Transitive dependencies: 42
91
+ - Vulnerable dependencies: 1 (low severity)
92
+ - SBOM available: Yes
93
+ - Dependency update process: Well-documented
94
+
95
+ ### Recommendations:
96
+
97
+ - Update the identified vulnerable dependency
98
+ - Implement automated dependency scanning in nightly builds
99
+
100
+ ## 5. Regulatory Compliance
101
+
102
+ **Score: 4.1/10 (Medium Risk)**
103
+
104
+ PyTorch provides basic documentation for regulatory considerations but could improve its guidance for compliance-sensitive deployments.
105
+
106
+ ### Key Compliance Areas:
107
+
108
+ - AI/ML regulatory frameworks: Basic documentation
109
+ - Data protection features: Limited
110
+ - Model transparency tools: Good implementation
111
+ - Audit capabilities: Limited
112
+
113
+ ### Recommendations:
114
+
115
+ - Enhance documentation specific to EU AI Act compliance
116
+ - Provide better guidance on implementing data minimization
117
+ - Develop tools for model explanations in compliance-sensitive contexts
118
+
119
+ ---
120
+
121
+ ## Appendix: Assessment Methodology
122
+
123
+ This assessment was conducted using the LibVulnWatch methodology, which includes:
124
+
125
+ - Static code analysis
126
+ - Dependency scanning
127
+ - License validation
128
+ - Maintenance metrics analysis
129
+ - Expert review of security controls
130
+
131
+ For questions about this report, contact [email protected].
132
+
133
+ © 2025 LibVulnWatch
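--- a/src/display/formatting.py
+++ b/src/display/formatting.py
@@ -1,6 +1,7 @@
 """Helper functions to style our gradio elements"""
 
 import re
+import os
 
 def model_hyperlink(link, model_name):
 return f'<a target="_blank" href="{link}" style="color: var(--link-text-color); text-decoration: underline;text-decoration-style: dotted;">{model_name}</a>'
@@ -11,6 +12,25 @@ def make_clickable_model(model_name):
 return model_hyperlink(link, model_name)
 
 
+def make_clickable_report(report_url):
+"""Create a clickable link to the assessment report
+
+If the report_url is a full URL (starts with http), use it directly
+Otherwise, assume it's a local file path and construct a local link
+"""
+if not report_url:
+return ""
+
+# Check if this is a URL or local file reference
+if report_url.startswith("http"):
+# External URL, use as is
+return f'<a href="{report_url}" target="_blank">📝 View Report</a>'
+else:
+# Local file reference, create a relative path to the public directory
+report_path = f"file/reports/{report_url}"
+return f'<a href="{report_path}" target="_blank">📝 View Report (Local)</a>'
+
+
 def styled_error(error):
 return f"<p style='color: red; font-size: 20px; text-align: center;'>{error}</p>"
 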
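Review bot: `make_clickable_report` puts `report_url` into the `href` attribute unescaped, and that value is read from the assessment JSON (`assessment.get("report_url", "")` in read_evals.py) and shown in a column typed "markdown", so a quote character in the field ends the attribute and whatever follows is rendered as markup. The `startswith("http")` test is also looser than the docstring implies, since it matches any string with that prefix, and the local branch passes `/` and `..` through into `file/reports/…`. I would parse the scheme, allow only http and https, reduce local references to a bare file name, escape the final value, and add `rel="noopener noreferrer"` beside `target="_blank"`. The version below needs `import html` and `from urllib.parse import quote, urlsplit` at the top of the file, and it gives the newly added `import os` a use, which the visible hunks do not.

```python
def make_clickable_report(report_url):
    # … unchanged: docstring and the empty-value guard …
    try:
        scheme = urlsplit(report_url).scheme.lower()
    except ValueError:
        # Malformed URL: render no link rather than a broken one
        return ""

    if scheme in ("http", "https"):
        href = html.escape(report_url, quote=True)
        return f'<a href="{href}" target="_blank" rel="noopener noreferrer">📝 View Report</a>'
    if scheme:
        # Any other scheme is not a report link
        return ""

    # Local reference: keep only the file name so the link stays inside reports/
    name = os.path.basename(report_url.replace("\\", "/"))
    if not name:
        return ""
    report_path = html.escape(f"file/reports/{quote(name)}", quote=True)
    return f'<a href="{report_path}" target="_blank" rel="noopener noreferrer">📝 View Report (Local)</a>'
```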
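--- a/src/display/utils.py
+++ b/src/display/utils.py
@@ -39,6 +39,7 @@ auto_eval_column_dict.append(["stars", ColumnContent, ColumnContent("GitHub ⭐"
 auto_eval_column_dict.append(["last_update", ColumnContent, ColumnContent("Last Updated", "str", False)])
 auto_eval_column_dict.append(["verified", ColumnContent, ColumnContent("Independently Verified", "bool", False)])
 auto_eval_column_dict.append(["availability", ColumnContent, ColumnContent("Active Maintenance", "bool", True)])
+auto_eval_column_dict.append(["report_url", ColumnContent, ColumnContent("Report", "markdown", True)])
 
 # We use make dataclass to dynamically fill the scores from Tasks
 AutoEvalColumn = make_dataclass("AutoEvalColumn", auto_eval_column_dict, frozen=True)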
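--- a/src/leaderboard/read_evals.py
+++ b/src/leaderboard/read_evals.py
@@ -7,7 +7,7 @@ from datetime import datetime
 
 import numpy as np
 
-from src.display.formatting import make_clickable_library
+from src.display.formatting import make_clickable_library, make_clickable_report
 from src.display.utils import AutoEvalColumn, LibraryType, Tasks, Language, AssessmentStatus
 
 
@@ -29,6 +29,7 @@ class AssessmentResult:
 last_update: str = ""
 availability: bool = True
 verified: bool = False
+report_url: str = "" # URL to detailed assessment report
 
 @classmethod
 def init_from_json_file(self, json_filepath):
@@ -86,6 +87,7 @@ class AssessmentResult:
 availability=assessment.get("active_maintenance", True),
 verified=assessment.get("independently_verified", False),
 last_update=last_update,
+report_url=assessment.get("report_url", ""),
 )
 
 def update_with_request_file(self, requests_path):
@@ -136,6 +138,7 @@ class AssessmentResult:
 AutoEvalColumn.last_update.name: self.last_update,
 AutoEvalColumn.verified.name: self.verified,
 AutoEvalColumn.availability.name: self.availability,
+AutoEvalColumn.report_url.name: make_clickable_report(self.report_url),
 }
 
 # Add task-specific risk scores - map to display column names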
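Review bot: `report_url=assessment.get("report_url", "")` in the third hunk accepts whatever type the JSON holds, so a truthy non-string value such as a number or a list reaches `make_clickable_report(self.report_url)` in the last hunk and fails at `.startswith` with an AttributeError. Checking the type at load keeps one malformed assessment file from breaking the row, for example `raw = assessment.get("report_url")` followed by `report_url=raw if isinstance(raw, str) else "",`. The field comment in the second hunk could also state the accepted forms, `# http(s) URL or a file name under reports/; rendered as a link in the Report column`. The enclosing methods of the third and fourth hunks start and end outside the hunks, so how a failure there is handled is not visible here.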