this post was submitted on 31 Aug 2024
19 points (74.4% liked)

Open Source

30302 readers
806 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
19
Any AI tool to analyse a git repo for malicious code? (discuss.tchncs.de)
submitted 2 weeks ago by unknowing8343@discuss.tchncs.de to c/opensource@lemmy.ml
10 comments fedilink hide all child comments
 

cross-posted from: https://discuss.tchncs.de/post/21298994

I'm trying to feel more comfortable using random GitHub projects, basically.

you are viewing a single comment's thread
view the rest of the comments
[–] unknowing8343@discuss.tchncs.de 1 points 2 weeks ago (2 children)

But an AI can "realise" the code might be downloading something it doesn't need to. That's the point.

AI is "smart" and understands that you told it that the library was supposed to do something specific, and it can understand that and look for things that seem not correlated to the purpose of the repo.

[–] remram@lemmy.ml 4 points 2 weeks ago (1 children)

If you're one of those people that think every product is better if there's "AI" on the box then sure. What you're describing is static analysis though, it is not new.

[–] unknowing8343@discuss.tchncs.de 1 points 2 weeks ago (1 children)

Where's that tool then?

[–] fruitycoder@sh.itjust.works 2 points 2 weeks ago

Gitlab has a SAST tool

[–] Sethayy@sh.itjust.works 2 points 2 weeks ago

Its got a dataset of billions for tokens, youre better off running the stock market as an antivirus.

Instead if you care use specifically curated programs for the task, like antivirus'