Commit
β’
824f1b9
1
Parent(s):
999f1b2
Update README.md
Browse files
README.md
CHANGED
|
@@ -22,7 +22,6 @@ CodeAstra-7b is a state-of-the-art language model fine-tuned for vulnerability d
|
|
| 22 |
- π **State-of-the-Art Performance**: Achieves cutting-edge results in vulnerability detection tasks.
|
| 23 |
- π **Custom Dataset**: Trained on a proprietary dataset curated for comprehensive vulnerability detection.
|
| 24 |
- π₯οΈ **Large-scale Training**: Utilized A100 GPUs for efficient and powerful training.
|
| 25 |
-
- π¬ **Code Quality Analysis**: Identifies code quality issues when no vulnerabilities are found.
|
| 26 |
|
| 27 |
## Performance Comparison π
|
| 28 |
|
|
@@ -30,6 +29,7 @@ CodeAstra-7b significantly outperforms existing models in vulnerability detectio
|
|
| 30 |
|
| 31 |
| Model | Accuracy (%) |
|
| 32 |
|-------------|--------------|
|
|
|
|
| 33 |
| CodeAstra-7b| 83.00 |
|
| 34 |
| codebert-base-finetuned-detect-insecure-code | 65.30 |
|
| 35 |
| CodeBERT | 62.08 |
|
|
@@ -43,9 +43,6 @@ As shown in the table, CodeAstra-7b achieves an impressive 83% accuracy, substan
|
|
| 43 |
|
| 44 |
CodeAstra-7b is designed to assist developers, security researchers, and code auditors in identifying potential security vulnerabilities in source code. It can be integrated into development workflows, code review processes, or used as a standalone tool for code analysis.
|
| 45 |
|
| 46 |
-
### Code Quality Detection
|
| 47 |
-
|
| 48 |
-
In addition to vulnerability detection, CodeAstra-7b offers an extra layer of value by identifying code quality issues when no security vulnerabilities are found. This feature helps developers improve their code even when it's free from critical security flaws, promoting better coding practices and maintainability.
|
| 49 |
|
| 50 |
### Multiple Vulnerability Scenarios
|
| 51 |
|
|
@@ -102,6 +99,12 @@ While CodeAstra-7b represents a significant advancement in automated vulnerabili
|
|
| 102 |
2. In cases where multiple vulnerabilities (two or three) are present in the same code snippet, the model might not identify all of them correctly.
|
| 103 |
3. False positives are possible, and results should be verified by human experts.
|
| 104 |
4. The model's performance may vary depending on the complexity and context of the code being analyzed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 105 |
|
| 106 |
## Citation π
|
| 107 |
|
|
|
|
| 22 |
- π **State-of-the-Art Performance**: Achieves cutting-edge results in vulnerability detection tasks.
|
| 23 |
- π **Custom Dataset**: Trained on a proprietary dataset curated for comprehensive vulnerability detection.
|
| 24 |
- π₯οΈ **Large-scale Training**: Utilized A100 GPUs for efficient and powerful training.
|
|
|
|
| 25 |
|
| 26 |
## Performance Comparison π
|
| 27 |
|
|
|
|
| 29 |
|
| 30 |
| Model | Accuracy (%) |
|
| 31 |
|-------------|--------------|
|
| 32 |
+
| gpt4o | 88.78
|
| 33 |
| CodeAstra-7b| 83.00 |
|
| 34 |
| codebert-base-finetuned-detect-insecure-code | 65.30 |
|
| 35 |
| CodeBERT | 62.08 |
|
|
|
|
| 43 |
|
| 44 |
CodeAstra-7b is designed to assist developers, security researchers, and code auditors in identifying potential security vulnerabilities in source code. It can be integrated into development workflows, code review processes, or used as a standalone tool for code analysis.
|
| 45 |
|
|
|
|
|
|
|
|
|
|
| 46 |
|
| 47 |
### Multiple Vulnerability Scenarios
|
| 48 |
|
|
|
|
| 99 |
2. In cases where multiple vulnerabilities (two or three) are present in the same code snippet, the model might not identify all of them correctly.
|
| 100 |
3. False positives are possible, and results should be verified by human experts.
|
| 101 |
4. The model's performance may vary depending on the complexity and context of the code being analyzed.
|
| 102 |
+
5. CodeAstra's performance depends on input code snippet length.
|
| 103 |
+
|
| 104 |
+
## Test Aparatus
|
| 105 |
+
|
| 106 |
+
I tested CodeAstra-7b against code snippets from dataset such as Cvefix , YesWeHack vulnerable code repository , Synthetically generated code using LLMs aand OWASP Juice Shop source code
|
| 107 |
+
I ran all those vulnerable scripts against LLMs such as GPT4 , GPT4o etc for evaluation
|
| 108 |
|
| 109 |
## Citation π
|
| 110 |
|