// AI TOOLKIT

AI for secure DevOps workflows

Five structured-output LLM tools, one YAML generator, and a RAG chatbot — powered by Groq with local RAG embeddings. They show, end-to-end, how AI can plug into a DevSecOps lifecycle: review IaC, harden Kubernetes, generate pipelines, threat-model architectures, analyze control gaps, and answer questions about my work.

Review & Hardening
IaC Security Scanner

Paste Terraform / Kubernetes YAML / Dockerfile. Get severity-graded findings, references, and concrete remediations.

Input: IaC snippet · Output: JSON findings
Open →
Kubernetes Hardening Advisor

Paste a workload manifest. Get hardened YAML, implemented controls, residual risks, and kubectl validation commands.

Input: Kubernetes YAML · Output: Hardened YAML
Open →
Delivery
Secure Pipeline Generator

Describe an app. Get a hardened CI/CD pipeline with SAST, SCA, secret scanning, SBOM, container scanning, and OIDC.

Input: App profile · Output: Pipeline YAML
Open →
Architecture & Governance
STRIDE Threat Modeler

Describe an architecture. Receive a STRIDE threat model with impact, likelihood, assumptions, and mitigations.

Input: Architecture notes · Output: STRIDE model
Open →
Security Control Gap Analyzer

Describe a cloud environment. Get prioritized missing controls, evidence to collect, quick wins, and a 30/60/90 roadmap.

Input: Environment summary · Output: Roadmap
Open →
Portfolio RAG
CV Chatbot

Open the floating widget bottom-right. Ask anything about my Azure security, DevOps, and AI work grounded in my CV.

Input: Question · Output: RAG answer
Open →
// HOW IT WORKS

Groq API, structured prompts, local RAG

  • All AI tools talk to the Groq API through one provider adapter (default model: openai/gpt-oss-120b). Swap models by editing GROQ_MODEL.
  • The scanner, hardener, threat modeler, and gap analyzer use Groq's JSON response format plus tight system prompts to force structured output the UI can render as cards.
  • The chatbot is a small RAG pipeline: my CV in markdown → chunked → embedded locally with ChromaDB's default embedding model → stored in ChromaDB → retrieved per query and injected into the system prompt.
  • Pipeline generator returns YAML with inline # comments explaining every security control.