bug-buster-ai
by dilettacal
Overview
A cybersecurity AI agent that analyzes Python code for vulnerabilities using OpenAI's LLMs and Semgrep, deployable on Azure and GCP.
Installation
docker build -t bug-buster . && docker run --rm --name bug-buster -p 8000:8000 --env-file .env bug-busterEnvironment Variables
- OPENAI_API_KEY
- SEMGREP_APP_TOKEN
- ENVIRONMENT
Security Notes
The `backend/airline.py` file, which is part of the provided source code, contains a `calculate` function that uses `eval(expr)`. If this function were exposed to untrusted user input, it would be a severe remote code execution vulnerability. While `backend/server.py` (the core API) does not appear to directly use this `airline.py` file, its presence in the repository's backend makes it a significant security risk if the architecture were ever changed or if `airline.py` were invoked in an insecure context. Other aspects, like handling API keys via Key Vault and OIDC for deployment, are good practices. Diagnostic endpoints `/network-test` and `/semgrep-test` provide system information, which could be a minor information disclosure risk, but are common for health checks.
Similar Servers
zenfeed
An AI-powered information hub that acts as an intelligent RSS reader, real-time news knowledge base, and personal assistant for monitoring events and delivering analysis reports.
cupertino
Cupertino is an Apple Documentation Crawler and Model Context Protocol (MCP) server, designed to crawl, index, and serve Apple's developer documentation, Swift Evolution proposals, and sample code to AI agents like Claude, enabling accurate, up-to-date, and offline API knowledge.
mcp-server-computer
This server acts as a Spring AI MCP Server component to provide cross-platform computer configuration information (OS, user, Java, and platform-specific details) to an AI agent.
meds-mcp
Provides a medical context protocol (MCP) server and a React-based chat interface for interacting with patient records via LLMs and medical ontologies, facilitating evidence review and patient data exploration.