Availability of RAG, SCA and SBOM

It’s time to bRAG about our v5 Release 🎉 which includes, you guessed it, Retrieval Augmented Generation (RAG) 🤖, Software Component Analysis (SCA) 🧑‍💻 and Software Bill of Materials (SBOM) support 📜. We have made significant progress as a team and delivered on both the AI/ML 🤖 and the Software Security 🔒 domains.

Our design partners and early adopters gave us excellent feedback regarding the features they would like to see in the near term. We also looked at the tech stack that some of our partners are using and realized that the toolchain is extremely complex and fragmented. With that knowledge, we pulled in the SCA and SBOM features that were scheduled for later in our product lifecycle and released them in the current 1.0 v5 Release timeframe. We prioritized our customer needs, focused on solving this pain point of fragmented toolchains, and integrated multiple features into a single product. Hence, our customers are now able to perform SCA-related tasks along with vulnerability detection immediately.

On the ML side of things, we went through several iterations and trials of LLM optimizations. We soon realized that base or custom models, as they are designed, are insufficient for complex vulnerability analysis and remediation. For several weeks, we immersed ourselves in context optimizations and the development of our RAG strategy. We came up with a custom RAG designed and developed in-house 🏠 using industry-leading optimizations in vector storage with partner solutions such as Pinecone 🔗. With these context and LLM optimizations, our solution is even more robust and reliable 💪 and runs faster as well 🚀. Look out for a future blog where we will detail the improvements from all these latest innovations. Read the basics of RAG, its history, and how customers are using it here: RAG Blog.

In the Cybersecurity world 🛡️, we are proud of our acronyms, and true to that practice, here are a couple of them that are critical for getting the larger picture of software vulnerability detection – SCA and SBOM. Developers are unknowingly compiling or linking insecure libraries 📚 that are open source or found in unmonitored package repositories. Hence, in addition to scanning for vulnerabilities in their own codebase, developers and security analysts are required to scan for vulnerabilities in libraries that are integrated from external sources. We added that capability to provide a cohesive view of vulnerability detection and to perform SCA and SBOM analysis seamlessly 🔎. Our SCA, true to our nature, is AI-first, enhanced with our latest ML-based innovations to reduce false positives ❌ and false negatives ❌.

In addition, we researched which industry-standard report formats are being used for SBOM generation and incorporated the Software Package Data Exchange (SPDX) and CycloneDX formats for SBOM analysis and reports 📊. These standard formats will be familiar to customers who have used legacy SBOM tools, and those customers will find the AI enhancements quite valuable. Learn more about SPDX here and CycloneDX here.

With this unified view of Vulnerability Analysis and Software Component Analysis, we are getting closer to our vision of democratizing AI-based Security for our end users 🌍. Which features would you like to see accelerated on our product roadmap? Get in touch with us and we will deliver those features in an AI-native and security-first approach. Look out for more innovations coming from our capable team in the near future 🚀.

Team Pervaziv AI