@@ -53,18 +53,26 @@ We will make every effort to respond to your report according to the following t
5353
5454### API Key Security
5555
56- DockSec uses OpenAI API keys for AI-powered analysis . To keep your keys secure:
56+ DockSec supports multiple LLM providers (including OpenAI, Anthropic, Google, and Ollama) . To keep your provider credentials secure:
5757
58581 . ** Never commit API keys** to version control
5959 ``` bash
6060 # Use environment variables
61- export OPENAI_API_KEY=" your-key-here"
61+ export OPENAI_API_KEY=" your-openai-key"
62+ export ANTHROPIC_API_KEY=" your-anthropic-key"
63+ export GOOGLE_API_KEY=" your-google-key"
64+ export OLLAMA_API_KEY=" your-ollama-key"
6265
6366 # Or use a .env file (ensure it's in .gitignore)
64- echo " OPENAI_API_KEY=your-key-here" > .env
67+ cat << EOF > .env
68+ OPENAI_API_KEY=your-openai-key
69+ ANTHROPIC_API_KEY=your-anthropic-key
70+ GOOGLE_API_KEY=your-google-key
71+ OLLAMA_API_KEY=your-ollama-key
72+ EOF
6573 ` ` `
6674
67- 2 . ** Restrict API key permissions** in your OpenAI dashboard
75+ 2. ** Restrict API key permissions** in each provider dashboard
68763. ** Rotate keys regularly** , especially if they may have been exposed
69774. ** Monitor API usage** for unexpected activity
7078
@@ -99,7 +107,7 @@ Ensure your network security policies allow these connections if needed.
99107
100108### 1. AI Model Limitations
101109
102- - DockSec uses OpenAI's GPT-4 for analysis
110+ - DockSec supports multiple LLM providers for AI analysis (including OpenAI when configured)
103111- AI recommendations should be reviewed by security professionals
104112- AI models can make mistakes or miss vulnerabilities
105113- Always combine AI analysis with traditional scanning tools
0 commit comments