18
Any AI tool to analyse a git repo for malicious code?
(discuss.tchncs.de)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 31 Aug 2024
18 points (72.5% liked)
Open Source
30994 readers
470 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
Probably not. Obfuscation works, and might even depend on remote code being downloaded at either build time or run time.
There are a lot of heuristics you can use (e.g. disallowing some functions/modules) to check a codebase, but those already exist no AI required. Unless you call static analysis "AI", who knows.
But an AI can "realise" the code might be downloading something it doesn't need to. That's the point.
AI is "smart" and understands that you told it that the library was supposed to do something specific, and it can understand that and look for things that seem not correlated to the purpose of the repo.
Its got a dataset of billions for tokens, youre better off running the stock market as an antivirus.
Instead if you care use specifically curated programs for the task, like antivirus'