GitHub - lambdasec/autofix: Static Analysis meets Large Language Models
lambdasec/autofix

Active development on this project has now moved to Patchwork. Patchwork is a more generic framework that combines tools and LLMs in agentic workflows for software development.

AutoFix

Static Analysis + LLM = AutoFix

Note: If you are looking for a cloud service for vulnerability remediation, please try patched.

  • The new StarCoder model is now supported. Pass --model bigcode/starcoderbase-1b to AutoFix to try the 1B parameter base model.

  • The CodeGen2 model from Salesforce is now supported. Pass --model Salesforce/codegen2-1B to AutoFix to use it. Note that CPU inference with CodeGen2 is very slow compared to SantaFixer.

In the initial release, we used Semgrep for static analysis and the SantaFixer LLM for bug fixing.

Setup

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

Usage

python autofix.py --input examples/example.java

Demo

How does it work?