The core problem: Context vs. rules
Conventional SAST tools, as we all know, are rule-bound: they scan source code, bytecode, or binaries for patterns that match known security flaws. While effective, they typically fall short on contextual understanding, missing vulnerabilities that arise from complex logic errors, multi-file dependencies, or hard-to-trace code paths. This gap is why their precision, the proportion of true vulnerabilities among all reported findings, remains low. In our empirical study, the widely used SAST tool Semgrep reported a precision of just 35.7%.
Our LLM-SAST hybrid is designed to bridge this gap. LLMs, pre-trained on vast code datasets, have pattern-recognition capabilities for code behaviour and a knowledge of dependencies that deterministic rules lack. This allows them to reason about the code's behaviour in the context of the surrounding code, related files, and the entire code base.
A two-stage pipeline for intelligent triage
Our framework operates as a two-stage pipeline, leveraging a SAST core (in our case, Semgrep) to identify potential risks and then feeding that information into an LLM-powered layer for intelligent analysis and validation.
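The plumbing such a pipeline needs, as an added example that is not the framework's own code: stage one is the subset of fields a `semgrep --json` report carries, stage two gathers the flagged lines plus the locally imported files the finding depends on, builds a prompt, and parses the model's verdict. The model call is injected as a function; the `canned_model` here, the `local.shell-util-run` rule id, the two-file project and the report are all constructed so the example runs offline, and the "keep unless confidently a false positive" policy is this example's choice, not the paper's.

```python
import json
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Finding:              # the fields of a Semgrep JSON result we actually use
    check_id: str
    path: str
    start: int
    end: int
    message: str
    severity: str


@dataclass
class Verdict:
    true_positive: Optional[bool]   # None means the model's answer was unusable
    confidence: float
    reason: str


def load_semgrep_results(report_json: str) -> list[Finding]:
    """Stage 1: pull the needed fields out of `semgrep --json` output."""
    return [Finding(r["check_id"], r["path"], r["start"]["line"], r["end"]["line"],
                    r["extra"]["message"], r["extra"]["severity"])
            for r in json.loads(report_json)["results"]]


IMPORT_RE = re.compile(r"^\s*(?:from\s+(\w+)\s+import|import\s+(\w+))", re.M)


def related_files(files: dict[str, str], path: str) -> list[str]:
    """Local modules imported by `path` (the multi-file context a rule never sees)."""
    names = {a or b for a, b in IMPORT_RE.findall(files[path])}
    return sorted(p for p in files if p != path and p.removesuffix(".py") in names)


def extract_context(files: dict[str, str], f: Finding, radius: int = 3) -> str:
    """Numbered lines around the finding; flagged lines are marked with '>'."""
    lines = files[f.path].splitlines()
    lo, hi = max(0, f.start - 1 - radius), min(len(lines), f.end + radius)
    return "\n".join(f"{'>' if f.start <= i + 1 <= f.end else ' '}{i + 1:4d} | {lines[i]}"
                     for i in range(lo, hi))


def build_prompt(files: dict[str, str], f: Finding) -> str:
    parts = [f"Semgrep rule {f.check_id} ({f.severity}) reports: {f.message}",
             f"File {f.path}, lines {f.start}-{f.end}:\n{extract_context(files, f)}"]
    parts += [f"Related file {dep}:\n{files[dep]}" for dep in related_files(files, f.path)]
    parts.append("Decide whether attacker-controlled data can reach the flagged sink. "
                 'Answer with JSON only: {"true_positive": bool, "confidence": 0-1, "reason": str}')
    return "\n\n".join(parts)


def parse_verdict(response: str) -> Verdict:
    """Accept a fenced or padded JSON answer; anything else becomes an unusable verdict."""
    m = re.search(r"\{.*\}", response, re.S)
    try:
        d = json.loads(m.group(0)) if m else None
        return Verdict(bool(d["true_positive"]), float(d["confidence"]), str(d["reason"]))
    except (TypeError, KeyError, ValueError):
        return Verdict(None, 0.0, "unparseable model response")


def triage(files, findings, ask_llm: Callable[[str], str], threshold: float = 0.7):
    """Stage 2: suppress a finding only when the model confidently calls it a false positive."""
    kept = []
    for f in findings:
        v = parse_verdict(ask_llm(build_prompt(files, f)))
        if v.true_positive is False and v.confidence >= threshold:
            continue            # confident FP: drop it from the report
        kept.append((f, v))     # TP, low confidence or bad response: a human looks at it
    return kept


# Constructed sample: a two-file project and a Semgrep report over it (hypothetical rule id).
SAMPLE_FILES = {
    "web.py": ("import shell_util\nfrom flask import request\n\ndef ping():\n"
               "    host = request.args.get('host')\n    return shell_util.run(f'ping -c1 {host}')\n"
               "\ndef version():\n    return shell_util.run('git --version')\n"),
    "shell_util.py": "import subprocess\n\ndef run(cmd):\n    return subprocess.check_output(cmd, shell=True)\n",
}
_MSG = "shell_util.run() executes its argument via a shell"
SAMPLE_REPORT = json.dumps({"results": [
    {"check_id": "local.shell-util-run", "path": "web.py", "start": {"line": 6, "col": 12},
     "end": {"line": 6, "col": 50}, "extra": {"message": _MSG, "severity": "WARNING"}},
    {"check_id": "local.shell-util-run", "path": "web.py", "start": {"line": 9, "col": 12},
     "end": {"line": 9, "col": 45}, "extra": {"message": _MSG, "severity": "WARNING"}},
], "errors": []})

# Stand-in for the model call (assumption: a real deployment injects an API client here).
_CANNED = {
    "lines 6-6": '```json\n{"true_positive": true, "confidence": 0.9, '
                 '"reason": "host comes from request.args and is interpolated into the command"}\n```',
    "lines 9-9": '{"true_positive": false, "confidence": 0.95, "reason": "argument is a constant"}',
}


def canned_model(prompt: str) -> str:
    return next((a for k, a in _CANNED.items() if k in prompt), "Not sure.")


def run_demo():
    return triage(SAMPLE_FILES, load_semgrep_results(SAMPLE_REPORT), canned_model)


if __name__ == "__main__":
    for f, v in run_demo():
        print(f"{f.path}:{f.start} {f.check_id} kept: {v.reason}")
```

The prompt for the finding at line 6 includes `shell_util.py`, because `web.py` imports it, so the model can see that `run()` uses `shell=True` and that `host` comes from `request.args`; the constant-argument call at line 9 is suppressed. Note the fail-safe direction in `triage`: an unparseable or low-confidence answer keeps the finding rather than silently discarding it, so a misbehaving model can only add reviewer work, not hide a true positive.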
