██████╗ ██████╗ ██╗███████╗███████╗
██╔══██╗██╔══██╗██║██╔════╝██╔════╝
██████╔╝██████╔╝██║█████╗ █████╗
██╔══██╗██╔══██╗██║██╔══╝ ██╔══╝
██████╔╝██║ ██║██║███████╗██║
╚═════╝ ╚═╝ ╚═╝╚═╝╚══════╝╚═╝
Your stack's daily security digest. Not the firehose — yours.
brief is a CVE/advisory digest agent. You declare your stack in YAML. brief polls NVD, CISA's Known Exploited Vulnerabilities catalog (KEV), and GitHub Security Advisories (GHSA), filters to entries that touch your stack, and posts a digest to stdout, a markdown file, a Discord webhook, or a Slack webhook.
Optional LLM summarization (any LiteLLM-supported model) turns walls of CVE text into one-paragraph briefings ranked by severity. The tool runs fine without an LLM key — you just get raw filtered entries instead of summaries.
```
$ brief --config brief.yaml
## brief — 2026-05-13 11:22 UTC
window: last 24h · stack: python, fastapi, postgres · matches: 3
- ▶ CVE-2026-31429 8.1 Buffer overflow in libfoo affecting Python bindings.
- ▶ CVE-2026-31430 KEV Postgres role-escalation via crafted SET ROLE.
- ▶ GHSA-xxxx-yyyy 6.5 FastAPI middleware bypass when X-Forwarded-* is trusted.
```
CVE feeds are noise. Most of any given day's NVD publications touch nothing in any stack you care about. brief is the small daemon that turns that noise into a one-screen daily standup for your security posture.
Designed to be run by cron, GitHub Actions, or a scheduler — once a day, into Discord.
## Install

```sh
pip install -r requirements.txt
```

Copy brief.example.yaml to brief.yaml and edit:

```yaml
stack:
  - python
  - fastapi
  - postgres
  - redis
  - nginx
since_hours: 24
llm:
  enabled: true
  model: gpt-4o-mini
outputs:
  - stdout
  # - { type: markdown, path: ./digest.md }
  # - { type: discord, webhook: https://discord.com/api/webhooks/... }
  # - { type: slack, webhook: https://hooks.slack.com/services/... }
```

Then run:

```sh
brief --config brief.yaml
```

For LLM summarization set OPENAI_API_KEY (or whatever your chosen provider needs). A webhook URL is a credential: anyone holding it can post to the channel, so keep a brief.yaml that contains real webhook URLs out of version control.
## Sources

| Source | What it provides |
|---|---|
| NVD JSON API | Brand-new CVEs in the chosen lookback window |
| CISA KEV | Known-exploited vulns added in the lookback window |
| GitHub Security Advisories (Atom) | Ecosystem advisories — pip, npm, gem, etc. |
Adding a source is one method in src/brief/sources.py.
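How the window-and-stack filter step works, as an added example rather than brief's own code (the project's actual matching rules are not documented on this page). It parses constructed records shaped like NVD's API 2.0 JSON and the CISA KEV feed (the `CVE-2026-0000x` ids are placeholders for noise, not real advisories), drops entries outside the lookback window, matches the declared stack at token boundaries so `postgres` still catches `PostgreSQL` but `redis` does not catch `predisposed`, ranks KEV above CVSS, and renders the same line format as the sample output above. The `Entry` dataclass and every function name are this example's assumptions.

```python
"""Added example (not brief's own code): normalise NVD and KEV records,
keep those inside the lookback window that touch a declared stack, and
render them in the digest format shown above."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

STACK = ["python", "fastapi", "postgres", "redis", "nginx"]

# Constructed sample shaped like an NVD API 2.0 response; the CVE-2026-0000x
# ids are placeholders for noise, not real advisories.
NVD_SAMPLE = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-2026-31429", "published": "2026-05-13T06:10:00.000",
             "descriptions": [{"lang": "en", "value": "Buffer overflow in libfoo affecting Python bindings."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 8.1}}]}}},
    {"cve": {"id": "CVE-2026-00001", "published": "2026-05-13T03:00:00.000",
             "descriptions": [{"lang": "en", "value": "A predisposed firmware image in Acme Router lets any user reboot the device."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 5.3}}]}}},
    {"cve": {"id": "CVE-2026-00002", "published": "2026-05-10T12:00:00.000",
             "descriptions": [{"lang": "en", "value": "SQL injection in a PostgreSQL extension."}],
             "metrics": {}}},
]})

# Constructed sample shaped like the CISA KEV JSON feed.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-31430", "vendorProject": "PostgreSQL", "product": "PostgreSQL",
     "dateAdded": "2026-05-13",
     "shortDescription": "Postgres role-escalation via crafted SET ROLE."},
]})


@dataclass
class Entry:
    id: str
    score: float | None      # CVSS v3.1 base score; None when NVD has not scored it yet
    kev: bool                # listed in CISA KEV, i.e. exploited in the wild
    text: str
    published: datetime      # timezone-aware UTC


def parse_nvd(raw: str) -> list[Entry]:
    out = []
    for item in json.loads(raw)["vulnerabilities"]:
        cve = item["cve"]
        desc = next((d["value"] for d in cve["descriptions"] if d["lang"] == "en"), "")
        v31 = cve.get("metrics", {}).get("cvssMetricV31") or []
        score = v31[0]["cvssData"]["baseScore"] if v31 else None
        # NVD timestamps carry no offset but are UTC.
        when = datetime.strptime(cve["published"], "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)
        out.append(Entry(cve["id"], score, False, desc, when))
    return out


def parse_kev(raw: str) -> list[Entry]:
    out = []
    for v in json.loads(raw)["vulnerabilities"]:
        when = datetime.strptime(v["dateAdded"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        out.append(Entry(v["cveID"], None, True, f"{v['product']}: {v['shortDescription']}", when))
    return out


def stack_pattern(stack: list[str]) -> re.Pattern:
    """A term must start at a token boundary but may continue, so 'postgres'
    matches 'PostgreSQL' and 'python' matches 'python3', while 'redis' does
    not match 'predisposed'. Very short terms ('go') still over-match
    ('good'); declare them as 'golang' or a CPE product name instead."""
    alts = "|".join(re.escape(t) for t in sorted(stack, key=len, reverse=True))
    return re.compile(rf"(?<![a-z0-9])(?:{alts})", re.IGNORECASE)


def filter_entries(entries: list[Entry], stack: list[str], now: datetime, since_hours: int = 24) -> list[Entry]:
    pat = stack_pattern(stack)
    cutoff = now - timedelta(hours=since_hours)
    hits = [e for e in entries if e.published >= cutoff and pat.search(e.text)]
    # KEV first (exploited beats scored), then CVSS descending, unscored last.
    hits.sort(key=lambda e: (not e.kev, -(e.score if e.score is not None else -1.0)))
    return hits


def render(hits: list[Entry], stack: list[str], now: datetime, since_hours: int = 24) -> str:
    lines = [f"## brief {now:%Y-%m-%d %H:%M} UTC",
             f"window: last {since_hours}h · stack: {', '.join(stack)} · matches: {len(hits)}"]
    for e in hits:
        sev = "KEV" if e.kev else (f"{e.score:.1f}" if e.score is not None else "n/a")
        lines.append(f"- ▶ {e.id} {sev} {e.text}")
    return "\n".join(lines)


def run_samples() -> tuple[list[Entry], str]:
    """Run the constructed samples against STACK at a fixed 'now' so the
    result is reproducible."""
    now = datetime(2026, 5, 13, 11, 22, tzinfo=timezone.utc)
    hits = filter_entries(parse_nvd(NVD_SAMPLE) + parse_kev(KEV_SAMPLE), STACK, now)
    return hits, render(hits, STACK, now)


if __name__ == "__main__":
    print(run_samples()[1])
```

Of the three NVD records, one is in the stack and in the window, one is in the window but only looks like a hit under naive substring matching, and one is a real PostgreSQL match that is three days too old; only the first survives, behind the KEV entry.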
## Outputs

| Type | What it does |
|---|---|
| stdout | Pretty-printed markdown to terminal (default) |
| markdown | Writes to a file |
| discord | Posts to a Discord webhook |
| slack | Posts to a Slack incoming webhook |
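An added example of the webhook output path, not brief's own code: it splits a rendered digest on line boundaries so no message exceeds Discord's 2000-character `content` limit, uses the top-level JSON key each platform expects (`content` for Discord, `text` for Slack), and logs only a redacted form of the webhook URL, since the URL itself is the credential. Function names, the `brief-example` User-Agent and the sample digest are this example's own constructions.

```python
"""Added example (not brief's own code): turn a rendered digest into
webhook payloads for Discord and Slack, splitting on line boundaries so no
message exceeds the platform limit, and keep the webhook URL out of logs."""
from __future__ import annotations

import json
import os
import urllib.parse
import urllib.request

# Discord's documented hard limit for webhook `content`; reused for Slack,
# whose `text` limit is far higher, so one splitter serves both.
LIMITS = {"discord": 2000, "slack": 2000}
# Each platform expects a different top-level key. Send `text` to Discord and
# the webhook answers 400, which is a common first-run failure.
KEYS = {"discord": "content", "slack": "text"}


def chunk_text(text: str, limit: int) -> list[str]:
    """Split only at newlines so a digest line is never cut in half; a single
    line longer than the limit is hard-split as a last resort."""
    chunks: list[str] = []
    cur: list[str] = []
    size = 0
    if not text.strip():
        return chunks                      # platforms reject an empty message
    for line in text.split("\n"):
        if len(line) > limit:
            if cur:
                chunks.append("\n".join(cur))
                cur, size = [], 0
            chunks.extend(line[i:i + limit] for i in range(0, len(line), limit))
            continue
        extra = len(line) + (1 if cur else 0)   # +1 for the joining newline
        if size + extra > limit:
            chunks.append("\n".join(cur))
            cur, size = [line], len(line)
        else:
            cur.append(line)
            size += extra
    if cur:
        chunks.append("\n".join(cur))
    return chunks


def build_payloads(kind: str, digest: str) -> list[dict]:
    key = KEYS[kind]
    return [{key: chunk} for chunk in chunk_text(digest, LIMITS[kind])]


def redact(url: str) -> str:
    """What to log instead of the URL: a webhook URL is a bearer credential."""
    p = urllib.parse.urlsplit(url)
    return f"{p.scheme}://{p.netloc}/...{p.path[-4:]}"


def post_webhook(url: str, payload: dict) -> int:
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "User-Agent": "brief-example/0"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.status                 # Discord answers 204, Slack 200


def send_digest(kind: str, digest: str, url: str, post=post_webhook) -> list[int]:
    """POST every chunk in order; `post` is injectable so a dry run stays offline."""
    statuses = [post(url, payload) for payload in build_payloads(kind, digest)]
    print(f"{kind}: sent {len(statuses)} message(s) to {redact(url)}")
    return statuses


def sample_digest() -> str:
    """Constructed digest long enough to need splitting: 60 lines of 78 chars.
    The CVE ids are counters, not real advisories."""
    return "\n".join(f"- ▶ CVE-2026-{n:05d} 5.0 " + "x" * 55 for n in range(60))


if __name__ == "__main__":
    url = os.environ.get("DISCORD_WEBHOOK", "https://discord.com/api/webhooks/0/example")
    # Dry run: swap the real poster for one that just reports the chunk size.
    print(send_digest("discord", sample_digest(), url, post=lambda u, p: len(p["content"])))
```

The splitter keeps every chunk a valid markdown fragment of the digest (whole lines only), so a long day does not produce a message that ends mid-advisory; pass `post=post_webhook` with a real URL from the environment to actually deliver it.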
## Running on a schedule

```yaml
# .github/workflows/brief.yml
on:
  schedule: [{ cron: "0 13 * * *" }]
permissions:
  contents: read   # least privilege: the job only needs to read the repo
jobs:
  digest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: { python-version: "3.12" }
      - run: pip install -r requirements.txt
      - env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        run: python -m brief --config brief.yaml
```

Keep the API key and the webhook URL in repository secrets, as above, never in the committed brief.yaml. The `permissions` block drops the job's GITHUB_TOKEN to read-only, which is all a checkout needs.

## Related

- pentern — Autonomous code-writing recon agent
- orbital — Passive subdomain-takeover scanner
- secmcp — MCP server for passive security tools
- vibe-init — One-command scaffolder for AI-coder configs
- agentlint — Linter for AI-agent config files
## License

MIT. See LICENSE.