Project Erasmus is a local, containerized reasoning engine designed to analyze software system data, visualize relationships, and generate GenAI-powered insights. Inspired by Erasmus from Dune, it explores how local AI can reason about real-world software risks.
- Parses SBOMs generated by Syft CLI (CycloneDX JSON)
- Runs Grype CLI scans to detect CVEs
- Joins in metadata from `vendor_geo.csv` to add vendor HQ + region context
- Visualizes data and vulnerability trends in a Streamlit dashboard
- Integrates Ollama with a dropdown to switch between 3 local GenAI models for contextual summaries and Q&A
- Fully Dockerized — portable, offline, and reproducible
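As an added illustration of the parse-scan-join pipeline the feature list describes (example code, not code from the project-erasmus repository), the following Python joins a CycloneDX component list with Grype matches and vendor geography using only the standard library instead of pandas. The sample SBOM, Grype report and CSV are constructed, and the `vendor,hq_country,region` columns plus the use of the CycloneDX `publisher` field as the vendor key are assumptions about the repo's real layout.

```python
import csv
import io
import json

# Constructed sample inputs (not real tool output): a minimal CycloneDX JSON SBOM as Syft
# emits, a minimal Grype JSON report, and a tiny vendor_geo.csv. The CSV columns and the use
# of the CycloneDX "publisher" field as the vendor key are assumptions, not the repo's layout.
SBOM_JSON = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"type": "library", "name": "requests", "version": "2.25.1",
     "publisher": "PSF-Example", "purl": "pkg:pypi/requests@2.25.1"},
    {"type": "library", "name": "lodash", "version": "4.17.20",
     "publisher": "NpmCo-Example", "purl": "pkg:npm/lodash@4.17.20"},
    # no publisher at all: exercises the unknown-vendor path
    {"type": "library", "name": "left-pad", "version": "1.3.0", "purl": "pkg:npm/left-pad@1.3.0"},
]})
GRYPE_JSON = json.dumps({"matches": [  # CVE ids are placeholders, not real advisories
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High"}, "artifact": {"purl": "pkg:pypi/requests@2.25.1"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Critical"}, "artifact": {"purl": "pkg:npm/lodash@4.17.20"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium"}, "artifact": {"purl": "pkg:npm/lodash@4.17.20"}},
]})
VENDOR_GEO_CSV = "vendor,hq_country,region\nPSF-Example,US,North America\nNpmCo-Example,DE,Europe\n"
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Negligible": 0, "Unknown": 0}


def build_risk_table(sbom_json, grype_json, vendor_geo_csv):
    """One row per SBOM component: vendor geography plus Grype findings, joined on purl."""
    vendors = {r["vendor"]: r for r in csv.DictReader(io.StringIO(vendor_geo_csv))}
    findings = {}  # purl -> list of Grype vulnerability records
    for match in json.loads(grype_json)["matches"]:
        findings.setdefault(match["artifact"]["purl"], []).append(match["vulnerability"])
    rows = []
    for comp in json.loads(sbom_json)["components"]:
        vulns = findings.get(comp["purl"], [])
        vendor = comp.get("publisher", "unknown")
        geo = vendors.get(vendor, {})  # a vendor missing from the CSV must not drop the row
        rows.append({"package": comp["name"], "version": comp["version"], "vendor": vendor,
                     "hq_country": geo.get("hq_country", "unknown"),
                     "region": geo.get("region", "unknown"),
                     "cve_count": len(vulns), "cves": sorted(v["id"] for v in vulns),
                     "max_severity": max((v["severity"] for v in vulns),
                                         key=lambda s: SEVERITY_RANK.get(s, 0), default="None")})
    return rows


def cves_by_region(rows):
    """CVE totals per vendor region, the cut a dashboard trend chart would plot."""
    totals = {}
    for row in rows:
        totals[row["region"]] = totals.get(row["region"], 0) + row["cve_count"]
    return totals
```

Components with no vendor match land in an "unknown" bucket rather than being silently dropped, which is the case a supplier-risk view most needs to surface.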
Erasmus lets you query your data entirely offline using:
- `qwen2.5-coder:7b` → for technical/structured SBOM interpretation
- `gemma:2b` → for lightweight analysis, fast on M1/M2 chips
- `openhermes:latest` → for broader contextual or general summaries
Each model serves a different thinking style. You can switch between them using the Streamlit UI dropdown.
For users who want to go deeper:
- Append data from commercial APIs like IPinfo, WHOISXML, or Crunchbase to auto-fill vendor HQ, size, and sector
- Add package popularity or maturity ratings using OSS Index or Libraries.io
- Feed results into a GRC tool for automated software supplier risk scoring
- Syft CLI → SBOM generation
- Grype CLI → vulnerability scanning
- Python + pandas → metadata joining + preprocessing
- Streamlit → visual dashboard with interactive LLM input
- Ollama → GenAI summarization + Q&A using local models
- Docker + Compose → fully containerized environment
Clone the repo:

```bash
git clone https://github.com/stoic-dad/project-erasmus.git
cd project-erasmus
```

Build and run:

```bash
docker-compose up --build
```

Then visit the dashboard at: 👉 http://localhost:8501
- Docker (with Compose)
- Optional: Ollama installed locally to run LLMs
- SBOMs and `vendor_geo.csv` in the proper folder structure (see repo)
This project is a hands-on exploration of combining GenAI, software system complexity, and reasoning. Named after Erasmus — the AI thinker from Dune — it’s built for curious engineers who want to:
- Visualize what software they're running
- Ask natural-language questions about supply chain risk
- Work locally without sending data to the cloud
Let’s make software bills of materials reason about themselves.
