I am working on Scharf, an open-source SAST tool to identify and auto-fix third-party (3P) GitHub actions that are prone to supply-chain attacks. It is blazing fast and written in Go.
I am building "Scharf", a blazing-fast security scanner for reporting and hardening third-party GitHub actions.
For whoever is aware of the recent `tj-actions/changed-files` security incident: I built a mutable-reference scanner that performs a deep scan across branches to identify all third-party GitHub actions used in an organization's Git projects. The output report can be exported to CSV or JSON (the default).
Using mutable references (version tags, main/master/dev, etc.) is a security vulnerability that can result in supply-chain attacks.
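The check described above, as an added example that is not Scharf's own code: it walks the `uses:` entries of a workflow file, skips local (`./`) and `docker://` references, and flags any third-party action whose ref is not a full 40-hex commit SHA (tags, branches, abbreviated SHAs and a missing ref all resolve to something that can move). Go is used because that is what Scharf is written in; the sample workflow, the SHA and the `example-org` action names are constructed for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Finding is one third-party action reference found in a workflow file.
type Finding struct {
	Line    int    `json:"line"`
	Action  string `json:"action"`  // owner/repo or owner/repo/path
	Ref     string `json:"ref"`     // text after '@', empty if absent
	Mutable bool   `json:"mutable"` // true unless Ref is a full 40-hex commit SHA
}

// usesRe matches a step- or job-level `uses:` entry (optionally quoted) and
// captures the action spec up to the first whitespace, quote or comment.
var usesRe = regexp.MustCompile(`^\s*-?\s*uses:\s*['"]?([^'"\s#]+)`)

// shaRe: only a full SHA-1 counts as an immutable pin; tags, branches and
// abbreviated SHAs can all be moved or collided.
var shaRe = regexp.MustCompile(`^[0-9a-f]{40}$`)

// ScanWorkflow reports every external action reference in the workflow text.
// Local actions (./path) and docker:// images are out of scope and skipped.
func ScanWorkflow(workflow string) []Finding {
	var findings []Finding
	for i, line := range strings.Split(workflow, "\n") {
		m := usesRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		spec := m[1]
		if strings.HasPrefix(spec, "./") || strings.HasPrefix(spec, "docker://") {
			continue
		}
		action, ref, hasRef := strings.Cut(spec, "@")
		findings = append(findings, Finding{
			Line:   i + 1,
			Action: action,
			Ref:    ref,
			// No ref at all resolves to the default branch, which is mutable too.
			Mutable: !hasRef || !shaRe.MatchString(ref),
		})
	}
	return findings
}

// MutableOnly keeps just the findings a scanner would flag for hardening.
func MutableOnly(fs []Finding) []Finding {
	var out []Finding
	for _, f := range fs {
		if f.Mutable {
			out = append(out, f)
		}
	}
	return out
}

// ToJSON renders findings as a JSON report.
func ToJSON(fs []Finding) (string, error) {
	b, err := json.MarshalIndent(fs, "", "  ")
	return string(b), err
}

// SampleWorkflow is a constructed workflow: the SHA and the example-org
// actions are made up for illustration.
const SampleWorkflow = `name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: "tj-actions/changed-files@main"
      - uses: example-org/pinned-action@0123456789abcdef0123456789abcdef01234567 # pinned
      - uses: example-org/no-ref-action
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - name: test
        run: go test ./...
`

func main() {
	report, err := ToJSON(MutableOnly(ScanWorkflow(SampleWorkflow)))
	if err != nil {
		panic(err)
	}
	fmt.Println(report)
}
```

Running it prints the three mutable references (the `v4` tag, the `main` branch and the action with no ref) and leaves the SHA-pinned one alone. A real scanner would also resolve each flagged tag to the commit it currently points at, so the auto-fix can rewrite `@v4` to `@<sha> # v4` rather than just reporting it.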
Whispr is created to enable secure software development by simplifying the developer experience.
It is easy for developers to place their database credentials in a `.env` file for local testing and accidentally commit them to a version control system.
Even if not committed, storing credentials as plain text is a risk per the MITRE ATT&CK framework (Credential Access).
Whispr helps you store nothing locally and provides on-demand, Just In Time (JIT) secret access for applications. It supports AWS, Azure and GCP secret vaults.
The best part is that no bash scripts or CLI commands are required. The tool is language and application agnostic.
It isn't XML or JSON, but a DSL built especially for writing prompts. We do not have published benchmarks, but running a few examples, we see consistent outputs from the LLM, and it supplements RAG by separating context and using it to enrich the prompt.
Looks like you still have to make your own template to stringify the prompt, which could use JSON/XML/whatever, so this just stores variations of prompts. Doesn't seem relevant.
It is not just for storing variations of a prompt. It separates context to make intentions clear. Here is an XML prompt serialized from a PromptML program:
That's a great question. Right now, we don't have that feature incorporated, but we did think about hydrating existing bookmarks and making them part of the memory graph. Chrome's bookmark API is so primitive, and we have seen many issues keeping things in sync (being cautious here..).
I took your point down. Thanks for bringing it forward.