SourcePulse logo
HomeBrowse all repos

AICGSecEval  by Tencent

AI code security evaluation benchmark

Created 3 months ago
427 stars

Top 69.4% on SourcePulse

GitHubView on GitHub
Project Summary

A.S.E (AI Code Generation Security Evaluation) is a pioneering framework for repository-level security assessment of AI-generated code. It provides researchers and engineers with a realistic benchmark, simulating real-world development workflows and leveraging actual CVE vulnerabilities to evaluate LLM security.

How It Works

A.S.E simulates AI IDEs by evaluating LLM code generation within real GitHub repositories, offering context beyond fragment-level analysis. Its design prioritizes security-sensitive scenarios derived from expert-selected CVEs, employing dual code mutation to mitigate data leakage risks. The framework assesses LLMs across code security, project compatibility, and generation stability.

Quick Start & Requirements

  • Installation: Install dependencies via pip install -r requirements.txt. Docker is recommended for environment checks.
  • Prerequisites: Python 3.11 or higher. Requires LLM API access with an API key and a GitHub access token.
  • Hardware: Minimum 50GB disk space, 16GB RAM recommended.
  • Execution: Use python invoke.py with specified model and API parameters.

Highlighted Details

  • Repository-level Scenarios: Mimics AI IDE workflows using full GitHub projects for context.
  • Security-Sensitive Design: Tasks based on real CVEs with expert-defined rules and dual code mutation for data leakage mitigation.
  • Multi-dimensional Assessment: Evaluates code security, quality, and generation stability across 5 languages and 4 vulnerability types.

Maintenance & Community

Developed by Tencent Security Platform Department's WuKong Code Security Team with academic partners. Community contributions are welcomed via GitHub Issues/Pull Requests; collaboration is open via security@tencent.com or WeChat.

Licensing & Compatibility

Licensed under the permissive Apache-2.0 License, suitable for commercial and closed-source projects.

Limitations & Caveats

Current code context extraction uses BM25, with plans for advanced algorithms. The evaluation is time-consuming, and the project is at version 1.0, indicating ongoing development.

Health Check
Last Commit

23 hours ago

Responsiveness

Inactive

Pull Requests (30d)
34
Issues (30d)
25
Star History
142 stars in the last 30 days

Explore Similar Projects

Awesome-LLMs-for-Vulnerability-Detection by huhusmang

3.4%
276
Curated LLM research for software vulnerability detection
Created 1 year ago
Updated 1 day ago

bitoai by gitbito

0%
302
IDE extension for code generation and understanding
Created 2 years ago
Updated 1 month ago

web-codegen-scorer by angular

3.3%
375
Tool for evaluating LLM-generated web code quality
Created 1 month ago
Updated 22 hours ago

Auditor by TheAuditorTool

2.0%
360
Code intelligence platform for trustworthy AI development
Created 1 month ago
Updated 22 hours ago

Mirror-Flowers by Ky0toFu

1.1%
277
AI-powered code security auditing tool
Created 8 months ago
Updated 3 weeks ago

jadx-gui-ai by cncsnet1

2.9%
523
AI-enhanced decompiler for reverse engineering
Created 7 months ago
Updated 6 months ago
Starred by Andreas Jansson Andreas Jansson(Cofounder of Replicate).

ml4se by saltudelft

0.1%
722
Curated list of ML for software engineering research
Created 5 years ago
Updated 1 year ago

FuzzyAI by cyberark

2.4%
804
LLM fuzzer for automated jailbreak detection
Created 10 months ago
Updated 3 months ago

gpt3_security_vulnerability_scanner by chris-koch-penn

0%
599
GPT-3 experiment for security vulnerability detection in code
Created 2 years ago
Updated 2 years ago
Starred by Dan Guido Dan Guido(Cofounder of Trail of Bits).

buttercup by trailofbits

0.5%
1k
AI-powered vulnerability discovery and patching system
Created 9 months ago
Updated 1 week ago

agentic_security by msoedov

0.6%
2k
Open-source vulnerability scanner for LLMs and agent workflows
Created 1 year ago
Updated 1 day ago
Starred by Dan Guido Dan Guido(Cofounder of Trail of Bits).

vulnhuntr by protectai

0.7%
2k
LLM-powered tool for zero-day vulnerability discovery via static code analysis
Created 1 year ago
Updated 8 months ago
Feedback? Help us improve.