From 949a8139f3d34b305adbfc4660d66c1791f32640 Mon Sep 17 00:00:00 2001 From: Advait Patel Date: Fri, 22 May 2026 10:59:48 -0500 Subject: [PATCH 1/2] Apply suggested fix to docs/SECURITY.md from Copilot Autofix Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com> --- docs/SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/SECURITY.md b/docs/SECURITY.md index 1f825c4..c2ac437 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -99,7 +99,7 @@ Ensure your network security policies allow these connections if needed. ### 1. AI Model Limitations -- DockSec uses OpenAI's GPT-4 for analysis +- DockSec supports multiple LLM providers for AI analysis (including OpenAI when configured) - AI recommendations should be reviewed by security professionals - AI models can make mistakes or miss vulnerabilities - Always combine AI analysis with traditional scanning tools From 0f8175cab0589c90183c3bcb498ebfa95f5fa5b4 Mon Sep 17 00:00:00 2001 From: Advait Patel Date: Fri, 22 May 2026 10:59:49 -0500 Subject: [PATCH 2/2] Apply suggested fix to docs/SECURITY.md from Copilot Autofix Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com> --- docs/SECURITY.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/SECURITY.md b/docs/SECURITY.md index c2ac437..124b25a 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md 
@@ -53,18 +53,26 @@ We will make every effort to respond to your report according to the following t ### API Key Security -DockSec uses OpenAI API keys for AI-powered analysis. To keep your keys secure: +DockSec supports multiple LLM providers (including OpenAI, Anthropic, Google, and Ollama). To keep your provider credentials secure: 1. **Never commit API keys** to version control ```bash # Use environment variables - export OPENAI_API_KEY="your-key-here" + export OPENAI_API_KEY="your-openai-key" + export ANTHROPIC_API_KEY="your-anthropic-key" + export GOOGLE_API_KEY="your-google-key" + export OLLAMA_API_KEY="your-ollama-key" # Or use a .env file (ensure it's in .gitignore) - echo "OPENAI_API_KEY=your-key-here" > .env + cat < .env + OPENAI_API_KEY=your-openai-key + ANTHROPIC_API_KEY=your-anthropic-key + GOOGLE_API_KEY=your-google-key + OLLAMA_API_KEY=your-ollama-key + EOF ``` -2. **Restrict API key permissions** in your OpenAI dashboard +2. **Restrict API key permissions** in each provider dashboard 3. **Rotate keys regularly**, especially if they may have been exposed 4. **Monitor API usage** for unexpected activity
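Review bot: In the first hunk (the "AI Model Limitations" list), the replacement bullet says DockSec "supports multiple LLM providers" but names only OpenAI, while the second patch in this series lists OpenAI, Anthropic, Google, and Ollama; name the same set here (or point readers to the API Key Security section) so the two parts of docs/SECURITY.md do not drift apart. The remaining bullets still read correctly after the change, since "AI models can make mistakes or miss vulnerabilities" applies to any provider.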
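Review bot: `cat < .env` in the API Key Security hunk does not write a file: `<` redirects an existing .env into cat's stdin, so the command prints that file (or fails if it does not exist) and the lines that follow, up to `EOF`, are executed as ordinary shell commands instead of being written. Use a here-document with output redirection, e.g. `cat > .env <<'EOF'`, and put the key lines and the closing `EOF` flush-left, because a here-doc terminator must start its line and the indentation shown inside the fence would make `EOF` part of the document body; quoting `'EOF'` also keeps the shell from expanding anything in the key values. Since the file now holds credentials for four providers, the snippet should also create it with owner-only permissions (`umask 077` before the write, or `chmod 600 .env` after it) alongside the `.gitignore` reminder already in the comment.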