Introducing Selefra’s GPT Feature: Insight Multi-Cloud and SaaS by GPT

Leonynn — Mon, 17 Apr 2023 10:52:13 +0000

We are excited to introduce Selefra GPT Feature(beta), this is an exciting feature. It is supported by OpenAI's large language model GPT-3.5/GPT-4 and Selefra.

In the past, it was very complicated for us to collect and analyze data centrally on the infrastructure, so we built Selefra to solve this problem. However, insight into infrastructure still requires expertise in areas such as security, compliance, cost, and so on. Until the recent arrival of generative AI, we found that the GPT4 model already has the basic expertise.

With Selefra GPT, you don't need to be an expert in areas such as security, cost analysis, architecture, and so on, to get the most basic risk insight from the data. By combining OpenAI and Selefra, we analyze the architectural data of the infrastructure through artificial intelligence technology to provide high-quality insights into business stability and security.

Exploring sample use cases

In the following examples, We will show you how to analyze security, cost, and architecture through Selefra GPT.

Detection of AWS S3 for serious vulnerabilities

selefra gpt "Please help me analyze the vulnerabilities in AWS S3?"

Check if there is a waste of cost in AWS EC2

selefra gpt "Help me query AWS EC2 volumes that are not attached to an instance"

Check whether GCP has architecture design defects

selefra gpt "Help me search for GCP users who do not have MFA activated"

How to Get Started

Read detailed documentation for how to Get Started with Selefra.

For Quick Start, run this demo, it should take less than a few minutes:

Install Selefra
brew install selefra/tap/selefra
Initialization project
mkdir selefra-demo && cd selefra-demo && selefra init
Execute the GPT command for analysis
selefra gpt "your prompt"

Try Selefra GPT Today

If you are interested in Selefra after reading this article, give us a star at: https://github.com/selefra/selefra ✨

Join Our Slack Community and talk with Community: https://selefra.io/community/join

More Selefra Links:

Official Website: https://selefra.io
Blog: https://selefra.io/blog
Slack: https://selefra.io/community/join
Twitter: https://twitter.com/SelefraCorp
Reddit: https://reddit.com/r/Selefra

We are very excited to see what scenarios you will build using Selefra, and to grow together with Selefra!

Selefra: The Open-Source Policy-as-Code Tool for Terraform and Multi-Cloud

Leonynn — Tue, 21 Mar 2023 16:05:25 +0000

We are excited to share the launch of Selefra with everyone, open-source policy-as-code software that provides analytics for multi-cloud and SaaS.

Why Selefra

Several years ago, when I was researching new security attack techniques in public clouds, I had conversations with friends in positions such as CTO, CISO, and SRE. I found that everyone was using different tools, either self-developed or off-the-shelf, to solve various problems in multi-cloud scenarios, such as resource management and cost analysis. However, we all relied on the same basic principle of collecting data using APIs and SDKs provided by cloud service providers or SaaS vendors. I wondered if it was possible to build a multi-cloud analysis infrastructure tool since all cloud analysis scenarios in different fields require the same type of data. This tool could provide standard data collection and more flexible data analysis frameworks, allowing experts in different fields to focus on building analysis scenarios, rather than duplicating data development and learning different analysis languages. Just as Terraform has solved the problem of multi-cloud infrastructure construction as a representative Infrastructure as Code product, we hope to have a product that can solve the unified analysis problem of multi-cloud infrastructure.

Our tool can:

Meet the data analysis requirements of multi-cloud and SaaS services, and can customize data sources.
Provide a simple analysis language.
Manage analysis strategies in code.

To meet these requirements, my team and I have spent the past year building an open-source tool for infrastructure analysis that supports common public cloud resource types. We hope to achieve our vision of providing customers with the ability to analyze all infrastructure through open-source means. We are excited to announce that today we are releasing this product as open-source. Selefra is a combination of Select and Infrastructure, and we hope customers can use Selefra to analyze infrastructure more easily, without spending too much time learning about data and specifications.

What’s Selefra

Selefra means "select * from infrastructure". It is an open-source infrastructure-as-code software that provides analysis for multi-cloud and SaaS environments, including over 30 services such as AWS, GCP, Azure, Alibaba Cloud, Kubernetes, Github, Cloudflare, and Slack.

SQL is Simply Policy Language

Selefra uses SQL+YAML to define policies, which means developers can easily define policies using familiar SQL syntax without having to learn new specific policy syntax. Based on the Terraform Provider, Selefra has built a rich data integration ecosystem. As a developer, you can easily develop and analyze policies for any infrastructure.

For example, you can use SQL to analyze whether AWS S3 Buckets have a security risk of public write access:

selefra:
  name: selefra-demo
  cli_version: latest
  providers:
    - name: aws
      source: aws
      version: latest
rules:
  - name: bucket_resources
    query: |
      SELECT
        DISTINCT(a1.*)
      FROM
        aws_s3_buckets a1,
        aws_s3_bucket_grants a2
      WHERE
       a1.selefra_id = a2.aws_s3_buckets_selefra_id
        AND a2.grantee :: jsonb ->> 'URI' = 'http://acs.amazonaws.com/groups/global/AllUsers'
        AND a2.permission IN ('WRITE_ACP', 'FULL_CONTROL')
    output: "S3 bucket acl public writable, arn: {{.arn}} , bucket name: {{.name}}"

Additionally, you can use it to analyze whether the logging function is enabled for GCP Storage service:

selefra:
  name: selefra-demo
  cli_version: latest
  providers:
    - name: gcp
      source: gcp
      version: latest
rules:
  - name: bucket_logging_disable
    query: |
      SELECT
        *
      FROM
        gcp_storage_buckets
      WHERE
        logging IS NULL
    output: "Bucket logging disable, bucket name: {{.name}}, region: {{.location}}"

For more examples of strategies, you can click to view the Selefra open-source example repository at https://github.com/selefra/selefra-modules-aws-s3 or write the strategy you need based on the Selefra documentation at https://www.selefra.io/docs/build-projects/overview.

Feature of Selefra

Policy-as-Code

Custom analysis policies (security, compliance, cost) can be written through a combination of SQL and YAML.

Configuration of Multi-Cloud, Multi-SaaS

Unified multi-cloud configuration data integration capabilities that can support analysis of configuration data from any cloud service via SQL.

Version Control

Analysis policies can be managed through VCS such as GitHub/Gitlab.

Automation

Policies can be automated to enforce compliance, security, and cost optimization rules through Scheduled tasks and cloud automation tools.

How to use

Read detailed documentation for how to Get Started with Selefra.

For Quick Start, run this demo, it should take less than a few minutes:

Install Selefra

For non-macOS users, other installation methods for Selefra.

On macOS, tap Selefra with Homebrew:
```
brew tap selefra/tap
```
Next, install Selefra:
```
brew install selefra/tap/selefra
```

Initialization project

mkdir selefra-demo && cd selefra-demo && selefra init

Build code
```
selefra apply
```

Selefra Roadmap

Scale provider coverage for AWS, GCP, Azure, K8S, etc. to aim for 100% resource coverage.
Support Terraform, Pulumi, Crossplane, and other mainstream IaC tools to enable rules during deployment and in production.
Scale to 30 more SaaS providers, reaching a total of 70 providers.
We welcome your feedback on our roadmap regarding requirements and bugs: https://github.com/orgs/selefra/projects/1

Supporting Quotes

Salamanka, Senior Information Security Manager, Advance Group

Selefra effectively detects and identifies security risks in cloud platforms, helping to ensure their security compliance and establish a secure baseline, thereby reducing our concerns about using cloud platforms.

Jay, CTO, Airgram

Selefra can help us analyze AWS IAM, which we believe is the most difficult part of AWS, and it greatly improves our efficiency.

Zijie He, HashiCorp Ambassador

Selefra is an ambitious and imaginative open-source software tool that creatively converts IaC resources into SQL tables, making it possible to establish superstructures based on any multi-cloud infrastructure resources, including but not limited to compliance policy, FinOps, etc.

Wrapping Up

If you are interested in Selefra after reading this article, please click here to know more: https://github.com/selefra/selefra

If you have any questions about productivity tools or Selefra products, please feel free to ask questions on Reddit: https://www.reddit.com/r/Selefra or report a bug on our GitHub and join our Slack Community

We are eager to work with excellent individuals who are passionate about infrastructure development, data engineering, and other related fields to build our products together, and we welcome all kinds of contributions.

Join us on Slack and at our weekly open-source community meetups: https://selefra.io/community/join