Skip to content

Evaluation#122

Merged
ashsong-nv merged 105 commits into
NVIDIA-AI-Blueprints:developfrom
katherineh123:wip-evaluation
Nov 3, 2025
Merged

Evaluation#122
ashsong-nv merged 105 commits into
NVIDIA-AI-Blueprints:developfrom
katherineh123:wip-evaluation

Conversation

@katherineh123

@katherineh123 katherineh123 commented Aug 29, 2025

Copy link
Copy Markdown
Collaborator

Updated Config files:
src/vuln_analysis/configs/config-eval.yml : separate eval-specific config that shows the accuracy and consistency custom evaluators. Additionally, a max_concurrency parameter was added to the cve_checklist, cve_summarize, and cve_justify pipeline stages to help avoid 429 Too Many Request errors when running eval with a large test set, or with multiple repetitions (the modified code can be found in cve_checklist.py, cve_justify.py, and cve_summarize.py in in src/vuln_analysis/functions).
src/vuln_analysis/configs/config-tracing.yml and src/vuln_analysis/configs/config.yml : Renamed the profiler dataset from eval_dataset.json to profiler_dataset.json to not be misleading with the newly added evaluation workflow.

Eval example test sets to show eval input format:
src/vuln_analysis/data/eval_datasets/common-test-set.json : shows how multiple containers can be in one test set json (as long as both containers test the same set of CVEs. Note that ground truth for the morpheus-24.03 container is dummy data.
src/vuln_analysis/data/eval_datasets/morpheus-23.11-test-set.json: morpheus 23.11 specific test set -- ground truth is based on our hand-labeled dataset
src/vuln_analysis/data/eval_datasets/morpheus-24.03-test-set.json : morpheus 24.03 specific test set -- ground truth is dummy data.

Functions to handle eval input:
src/vuln_analysis/data_models/eval_input.py : data model for eval input. Borrows from the preexisting image input data model to validate container metadata. Then it also verifies that for all containers listed in a test set json, the containers share the same CVE test set.
src/vuln_analysis/eval/parse_eval_input.py : parse the custom eval input json so that it is digestible by NAT's eval harness (aka transform the human readable json into an EvalInputItem format). NAT is told to use this parsing script via the config option eval.general.dataset.function

Custom evaluators:
src/vuln_analysis/eval/evaluators/accuracy.py: configurable accuracy evaluator. Config options:

  • field: run accuracy on label or status field
  • multiple_reps : True/False. If True, change the eval output file to output multiple metrics used to construct a box and whiskers plot that captures the distribution of runs instead of a single average. src/vuln_analysis/eval/visualizations/box_and_whisker_plot.py is a script to consume this output (not part of the main nat eval run). src/vuln_analysis/eval/visualizations/example_plot.png shows an example of the output of this script using dummy data.
  • conflict_policy: Defines how to handle CVEs in the eval test set that have duplicate/conflicting ground truth labels. Options include lenient, keep_first, and strict. lenient means if CVE agent picks any of the duplicate answers in the test set, mark as accurate. keep_first means use the first CVE ground truth encountered in the test set as the truth for that CVE. strict means drop all CVEs that have conflicting labels (makes the test set smaller).

src/vuln_analysis/eval/evaluators/consistency.py: configurable evaluator for measuring consistency of answers per-CVE across multiple repetitions. Config options:

  • field: run consistency on label or status field
  • src/vuln_analysis/register.py : added registration imports for the two custom evaluators.

Misc:
src/vuln_analysis/utils/checklist_prompt_generator.py: When I was testing eval runs, I was running into parsing errors that crashed the pipeline. Making the parsing of the generated checklist more robust fixed these errors.

WIP:

  1. Add response_similarity evaluator (Shawn's VAPR response spread metric for the summary field)
  2. Add LLM as a judge on the summary field

@ashsong-nv ashsong-nv left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! Adding some initial feedback. Let's sync on custom dataset format.

Comment thread src/vuln_analysis/eval/eval_consistency.py Outdated
Comment thread src/vuln_analysis/eval/eval_label_accuracy.py Outdated
Comment thread src/vuln_analysis/eval/eval_consistency.py Outdated
Comment thread src/vuln_analysis/configs/config-eval.yml Outdated
Comment thread src/vuln_analysis/data/eval_datasets/profiler_dataset.json
Comment thread src/vuln_analysis/configs/config-eval.yml Outdated
Comment thread src/vuln_analysis/configs/config-eval.yml Outdated
Comment thread src/vuln_analysis/configs/config-eval.yml Outdated
katherineh123 and others added 27 commits November 3, 2025 11:13
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
@ashsong-nv ashsong-nv merged commit 46dd4e4 into NVIDIA-AI-Blueprints:develop Nov 3, 2025
efajardo-nv added a commit that referenced this pull request Dec 2, 2025
* Update to aiqtoolkit 1.2 pre-release for async endpoint (#106)

* Update to aiqtoolkit 1.2 pre-release for async endpoint

* Update uv sync in Dockerfile

* Add info about async endpoint to readme

* Fix port number in example job status curl command

* Update workflow to allow disabling the vulnerability dependency checker (#109)

* Add max_retries option to cve_fetch_intel (#113)

* Add request_timeout option to cve_fetch_intel (#114)

Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>

* Add `intel_source_timeout` config to `cve_fetch_intel` function (#118)

* Update nat dependency to rc8 and up (#120)

* migrating to nat 1.2.0 (#121)

* Update completed items on roadmap (#129)

* added automatic retries to configs (#119)

* Add `missing_source_action` configuration and handling (#126)

* Update `missing_source_action` option for backwards compatibility (#132)

* Update to latest nvidia-nat 1.3 (#131)

* Update ubuntu intel source data model to match new API schema

Update data model to match new ubuntu API schema to fix validation error -- changed exploitabilityscore and impactScore fields to Optional

* nvidia api key readme update (#135)

Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>

* Update nvidia-nat version specifier (#141)

* Update nvidia-nat version specifier

* Disable prerelease install in Dockerfile

* Document LLM retry options in README (#140)

Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: Katherine Huang <katherineh@nvidia.com>

* Add NAT 1.3 async endpoints support (#143)

* Install nvidia-nat[async_endpoints]

* Fix async endpoint call

* Majority Voting via Test Time Compute (#139)

Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>

* Evaluation (#122)

Co-authored-by: Katherine Huang <katherineh@katherineh-mlt.client.nvidia.com>
Co-authored-by: hsin-c <109615347+hsin-c@users.noreply.github.com>
Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>

* Emphasize troubleshooting section of the README (#146)

* Mac readme update (#145)

* Update default timeout and retries for intel fetching (#147)

* Remove broken image link from readme (#150)

* Add `max concurrency` config option to checklist, summarize and justify (#148)

* Added a 'max_concurrency' parameter to the ttc workflow to try and avoid 429's when running the pipeline multiple times. (#151)

* Update to NAT 1.3.1 (#149)

* Update to NAT 1.3.1

* Update README with info about async cli flags

* Global `llm_max_rate` for cve_agent workflow (#152)

Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>

* Enable default_llm configuration (#156)

* README updates (#154)

* Improvements to NAT error truncation, auth error logging, and API error logging (#155)

* Clarify custom evaluators in README (#153)

* Improvements to README and TTC logging (#158)

* feat: make 1_Deploy_CVE.ipynb auto executable (#144)

Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>

* Update dependencies for security compliance (#159)

* Update vuln_analysis version for docker build and compose (#160)

* Fix syft install command in sboms readme (#164)

* Fix syft install command in sboms readme

* Update sboms readme to use recommended syft install command

* Update README mac support and workarounds sections (#165)

* Improve TTC output documentation (#166)

* Update functions to log exceptions (#168)

* Update functions to log exception name

* Update to also include error message

* Remove test code

---------

Co-authored-by: Ashley Song <165685692+ashsong-nv@users.noreply.github.com>
Co-authored-by: shawn-davis <12801620+shawn-davis@users.noreply.github.com>
Co-authored-by: Katherine Huang <katherineh@nvidia.com>
Co-authored-by: Katherine Huang <katherineh@katherineh-mlt.client.nvidia.com>
Co-authored-by: hsin-c <109615347+hsin-c@users.noreply.github.com>
Co-authored-by: ryanzhang1230 <ryanzh@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants