mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-19 10:31:51 +00:00
53bb5aff22
Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>
143 lines
3.1 KiB
Markdown
143 lines
3.1 KiB
Markdown
# Getting Started With LLM on Prowler
|
|
|
|
## Overview
|
|
|
|
Prowler's LLM provider enables comprehensive security testing of large language models using red team techniques. It integrates with [promptfoo](https://promptfoo.dev/) to provide extensive security evaluation capabilities.
|
|
|
|
## Prerequisites
|
|
|
|
Before using the LLM provider, ensure the following requirements are met:
|
|
|
|
- **promptfoo installed**: The LLM provider requires promptfoo to be installed on the system
|
|
- **LLM API access**: Valid API keys for the target LLM models to test
|
|
- **Email verification**: promptfoo requires email verification for red team evaluations
|
|
|
|
## Installation
|
|
|
|
### Install promptfoo
|
|
|
|
Install promptfoo using one of the following methods:
|
|
|
|
**Using npm:**
|
|
```bash
|
|
npm install -g promptfoo
|
|
```
|
|
|
|
**Using Homebrew (macOS):**
|
|
```bash
|
|
brew install promptfoo
|
|
```
|
|
|
|
**Using other package managers:**
|
|
See the [promptfoo installation guide](https://promptfoo.dev/docs/installation/) for additional installation methods.
|
|
|
|
### Verify Installation
|
|
|
|
```bash
|
|
promptfoo --version
|
|
```
|
|
|
|
## Configuration
|
|
|
|
### Step 1: Email Verification
|
|
|
|
promptfoo requires email verification for red team evaluations. Set the email address:
|
|
|
|
```bash
|
|
promptfoo config set email your-email@company.com
|
|
```
|
|
|
|
### Step 2: Configure LLM API Keys
|
|
|
|
Set up API keys for the target LLM models. For OpenAI (default configuration):
|
|
|
|
```bash
|
|
export OPENAI_API_KEY="your-openai-api-key"
|
|
```
|
|
|
|
For other providers, see the [promptfoo documentation](https://promptfoo.dev/docs/providers/) for specific configuration requirements.
|
|
|
|
### Step 3: Generate Test Cases (Optional)
|
|
|
|
Prowler provides a default suite of red team tests but to customize the test cases, generate them first:
|
|
|
|
```bash
|
|
promptfoo redteam generate
|
|
```
|
|
|
|
This creates test cases based on your configuration.
|
|
|
|
## Usage
|
|
|
|
### Basic Usage
|
|
|
|
Run LLM security testing with the default configuration:
|
|
|
|
```bash
|
|
prowler llm
|
|
```
|
|
|
|
### Custom Configuration
|
|
|
|
Use a custom promptfoo configuration file:
|
|
|
|
```bash
|
|
prowler llm --config-path /path/to/your/config.yaml
|
|
```
|
|
|
|
### Output Options
|
|
|
|
Generate reports in various formats:
|
|
|
|
```bash
|
|
# JSON output
|
|
prowler llm --output-format json
|
|
|
|
# CSV output
|
|
prowler llm --output-format csv
|
|
|
|
# HTML report
|
|
prowler llm --output-format html
|
|
```
|
|
|
|
### Concurrency Control
|
|
|
|
Adjust the number of concurrent tests:
|
|
|
|
```bash
|
|
prowler llm --max-concurrency 5
|
|
```
|
|
|
|
## Default Configuration
|
|
|
|
Prowler includes a comprehensive default LLM configuration that provides:
|
|
|
|
- **Target Models**: OpenAI GPT models by default
|
|
- **Security Frameworks**:
|
|
- OWASP LLM Top 10
|
|
- OWASP API Top 10
|
|
- MITRE ATLAS
|
|
- NIST AI Risk Management Framework
|
|
- EU AI Act compliance
|
|
- **Test Coverage**: Over 5,000 security test cases
|
|
- **Plugin Support**: Multiple security testing plugins
|
|
|
|
## Advanced Configuration
|
|
|
|
### Custom Test Suites
|
|
|
|
Create custom test configurations by modifying the promptfoo config file in `prowler/config/llm_config.yaml` or pass a custom configuration with `--config-file` flag:
|
|
|
|
```yaml
|
|
description: Custom LLM Security Tests
|
|
targets:
|
|
- id: openai:gpt-4
|
|
redteam:
|
|
plugins:
|
|
- id: owasp:llm
|
|
numTests: 10
|
|
- id: mitre:atlas
|
|
numTests: 5
|
|
```
|
|
|