Fixing documentation to match new Elements#332
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE320-SQLITE-15208661 - https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-15121256 - https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-15121256 - https://snyk.io/vuln/SNYK-ALPINE320-BUSYBOX-14102403 - https://snyk.io/vuln/SNYK-ALPINE320-BUSYBOX-14102404
…6fd7 [Snyk] Security upgrade python from alpine3.20 to 3.15-rc-slim-trixie
colesmj
left a comment
There was a problem hiding this comment.
Changes look good. At some point it would be worthwhile revisiting LLM specifically (vs GenAI Model, perhaps) but not a blocker for this PR.
|
@izar @colesmj Not sure if this really relates to this MR... just a general note: In general the risk related to LLM and agent usage heavily depends on where the data processing happens. E.g. if local or self-hosted LLMs are used technologically there is way less risk for all of https://github.com/OWASP/pytm/pull/332/changes#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R552-R565 (despite of hard-coded secret which might end up in git histories and code). The degree of risk remaining depends on the backend/infrastructure used of course. |
|
@fkromer as much everything, the devil is in the details :D |
|
@izar Yes, this hint is better placed as a hint in https://github.com/izar/tm_skills I guess. |
Added LLM and Agent, to tm.py and readme.