Any AI tool to analyse a git repo for malicious code?
https://discuss.tchncs.de/post/21299499
=> More informations about this toot | More toots from unknowing8343@discuss.tchncs.de
Probably not. Obfuscation works, and might even depend on remote code being downloaded at either build time or run time.
There are a lot of heuristics you can use (e.g. disallowing some functions/modules) to check a codebase, but those already exist, no AI required. Unless you call static analysis “AI”, who knows.
=> More informations about this toot | More toots from remram@lemmy.ml
But an AI can “realise” the code might be downloading something it doesn’t need to. That’s the point.
AI is “smart” and understands that you told it that the library was supposed to do something specific, and it can understand that and look for things that seem not correlated to the purpose of the repo.
=> More informations about this toot | More toots from unknowing8343@discuss.tchncs.de
If you’re one of those people that think every product is better if there’s “AI” on the box then sure. What you’re describing is static analysis though, it is not new.
=> More informations about this toot | More toots from remram@lemmy.ml
Where’s that tool then?
=> More informations about this toot | More toots from unknowing8343@discuss.tchncs.de
GitLab has a SAST tool.
=> More informations about this toot | More toots from fruitycoder@sh.itjust.works
It’s got a dataset of billions of tokens, you’re better off running the stock market as an antivirus.
Instead, if you care, use specifically curated programs for the task, like antiviruses.
=> More informations about this toot | More toots from Sethayy@sh.itjust.works