lambdasec / autofix

Static Analysis meets Large Language Models

AutoFix

Static Analysis + LLM = AutoFix

Note: If you are looking for a cloud service for vulnerability remediation, please try patched.

  • The new StarCoder model is now supported. Pass --model bigcode/starcoderbase-1b to AutoFix to try the 1B parameter base model.

  • We now support the CodeGen2 model from Salesforce. Just use --model Salesforce/codegen2-1B with AutoFix. Note that CPU inference with CodeGen2 is very slow compared to SantaFixer.

In the initial release, we used Semgrep for static analysis and the SantaFixer LLM for bug fixing.
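The sketch below is an added example, not AutoFix's own code, showing one way a Semgrep finding can be turned into a fill-in-the-middle prompt for a code model and how a completion is spliced back. Assumptions: the sentinel tokens follow the SantaCoder convention, the report uses the `results[].start.line` / `end.line` fields of `semgrep --json`, and the sample file, rule id and helper names are constructed for illustration.

```python
import json

# Assumption: SantaCoder-style fill-in-the-middle sentinel tokens.
FIM_PREFIX, FIM_SUFFIX, FIM_MIDDLE = "<fim-prefix>", "<fim-suffix>", "<fim-middle>"

# Constructed sample input: a Java file and a Semgrep-style JSON report for it.
SAMPLE_SOURCE = (
    "import java.security.MessageDigest;\n"
    "\n"
    "public class Example {\n"
    "    byte[] digest(byte[] data) throws Exception {\n"
    '        MessageDigest md = MessageDigest.getInstance("MD5");\n'
    "        return md.digest(data);\n"
    "    }\n"
    "}\n"
)
SAMPLE_REPORT = json.dumps({"results": [{
    "check_id": "example.java.weak-hash",  # constructed rule id
    "path": "examples/example.java",
    "start": {"line": 5, "col": 9}, "end": {"line": 5, "col": 61},
    "extra": {"message": "MD5 is not collision resistant", "severity": "WARNING"},
}]})

def flagged_ranges(report_json):
    """Return (path, first_line, last_line, rule_id) per finding; lines are 1-based, inclusive."""
    results = json.loads(report_json).get("results", [])
    return [(r["path"], r["start"]["line"], r["end"]["line"], r["check_id"]) for r in results]

def split_source(source, first, last):
    """Return the text before and after the flagged lines, rejecting out-of-range findings."""
    lines = source.splitlines(keepends=True)
    if not 1 <= first <= last <= len(lines):
        raise ValueError("finding does not match this file (stale report?)")
    return "".join(lines[:first - 1]), "".join(lines[last:])

def fim_prompt(source, first, last):
    """Drop the flagged lines and ask the model to fill the gap."""
    prefix, suffix = split_source(source, first, last)
    return f"{FIM_PREFIX}{prefix}{FIM_SUFFIX}{suffix}{FIM_MIDDLE}"

def apply_fix(source, first, last, completion):
    """Splice the model's completion in place of the flagged lines."""
    prefix, suffix = split_source(source, first, last)
    return prefix + completion.rstrip("\n") + "\n" + suffix

if __name__ == "__main__":
    for path, first, last, rule in flagged_ranges(SAMPLE_REPORT):
        print(f"{path}:{first}-{last} [{rule}]")
        print(fim_prompt(SAMPLE_SOURCE, first, last))
```

Re-running the static analyzer on the output of `apply_fix` before accepting it confirms that the finding is gone and that the completion did not introduce a new one.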

Setup

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

Usage

python autofix.py --input examples/example.java

Demo

How it works?

License: Apache License 2.0


Languages

Language: Python 100.0%