Security shouldn't start after deployment. AutoRABIT CodeScan helps teams find and fix vulnerabilities early, reducing risk before attackers can exploit them. See how AutoRABIT CodeScan helps prevent vulnerabilities from reaching production: bit.ly/4aIjfbr
3
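GitHub - HeJiguang/codescan: An LLM-based tool for checking code for vulnerability risks, supporting multiple programming languages and check modes, and giving developers a comprehensive code security assessment solution. · GitHub github.com/HeJiguang/codesca…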
6
59
4,210
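[Paper] Proposes "CodeScan", a framework that detects from the outside, without access to the model's internals, cases where the code-generation LLM behind AI coding assistants such as GitHub Copilot and Cursor has been rigged through training-data poisoning to output vulnerable code.
A poisoned model generates code that looks normal at first glance but is dangerous, for example by being steered to write template rendering in a Flask app with the XSS-vulnerable jinja2[.]Template()[.]render() instead of the safe render_template().
The existing scanning method BAIT looks at token-level matches, so it misses the same vulnerable structure when only variable names or file names change, while also falsely flagging harmless boilerplate code.
CodeScan converts generated code into abstract syntax trees (ASTs) to absorb surface-level differences, extracts structural patterns that recur across multiple prompts, and then uses an LLM to judge whether those patterns contain a vulnerability.
[Key points]
- Preprint from the University of Connecticut and Visa Research (arXiv:2603.17174, published March 17, 2026). Said to be the first proposal of black-box, vulnerability-oriented poisoning scanning targeting code-generation LLMs
- Evaluated on 108 models across three architectures (CodeLlama, Qwen2.5-Coder, StarCoder2) with four attack methods (Simple, Covert, TrojanPuzzle, CodeBreaker). Detection F1 score averages about 0.98
- The baseline BAIT, when applied to code-generation LLMs, has a 100% false positive rate on V1 (XSS) and V2 (disabled certificate verification), and an overall F1 score of 0.17. CodeScan holds the false positive rate to 0% on V1 and 16.67% on V2 and V3
- The CodeBreaker attack uses payloads obfuscated to evade GPT-4-based detectors, but CodeScan overcomes this evasion too by using GPT-5 mini for vulnerability judgment. GPT-5 mini achieves detection accuracy of over 94% zero-shot and nearly 100% one-shot even on obfuscated code
- Scan time is also greatly reduced compared with BAIT, giving it a practical advantage as well
- High precision and recall are maintained even on large models including 34B, so scalability with model size has also been confirmed
arxiv.org/abs/2603.17174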
10
30
3,206
Replying to @CodeScan_A
#CodeScan is booming! Love this! 🌟
9
Replying to @blackbelli
And cancelled. Stop spreading misinformation #CodeScan
1
1
144
Mastering CODESCAN for SQL Command Line to check the quality of SQL and PL/SQL against coding guidelines from Trivadis. wsowa.hashnode.dev/codescan-… #Oracle #orclapex #OracleDatabase #SQLcl #CodeReview #CodeQuality #PLSQL

2
2
5
421
7 Nov 2024
Generative AI tools promise to streamline software development, but if you aren’t careful, this speed could cost you data security. CodeScan provides guardrails to enable expedited code delivery through AI with the security and quality assurances you need. bit.ly/4fwbbuq
1
2
36
27 Sep 2024
Oh, and when codescan does finally read it, it returns just the bare ID, but without any indication that it is an ID. I.e. you can't be sure what it actually read, or whether it's correct. So know that it is an ID.
1
4
973
If you inherit a codebase where the unit test asserts are primarily `Assert.isTrue(True, 'Meets codescan requirements');` and you’re also running out of bourbon, I might suggest that we’ve moved from correlation to causation.
6
479
14 Dec 2023
#SalesforceTour NYC has officially started! Our CodeScan experts are ready to discuss all things #CodeScan, quality code and reliable #datasecurity for #Salesforce environments. Come say hello! 👋
4
100
Meet one of our Silver sponsors, @CodeScanforSFDC ! We'd like to thank the team behind CodeScan for helping make French Touch Dreamin' possible. We're looking forward to seeing you on November 30th for #FTD23!
1
2
152
24 Oct 2023
Florida Dreamin' 🍊 Day 2 rolls on and so does this beautiful sunny weather! ☀ #CharlieRABIT is kickin' it at the beach but our #CodeScan team is ready to chat #StaticCodeAnalysis at booth 20 in the Expo Hall! 🐰 #FLD23
1
3
101
23 Oct 2023
We're here at #FLD23 at booth 20 in the Expo Hall! We'll be talking all things #CodeScan, coding quality, and data security - come connect with our team & grab some #AutoRABIT swag 🐰🤩
1
2
107
18 Oct 2023
Revolutionize your #DevSecOps with #FlowCenter! The unified interface rolls ARM, CodeScan, & Vault into one place for crystal clear insights. Drive business decisions, optimize processes, and ensure clean, safe code flow to production. Learn more: bit.ly/3t0KDOT
2
2
149
16 Oct 2023
The countdown is on! ⏳ Who's joining us for @dreamin_florida? The #CodeScan team and #CharlieRABIT are ready for an awesome event 🤩 #FLD23! Learn more about Florida Dreamin': bit.ly/3RUaEtE
3
64
13 Sep 2023
@SalesforceBen closed out Day 1 with a night to remember! We had a great time at AfterParty GPT 🎉 #DF23 Day ✌️ rolls on! #Trailblazers can find our AutoRABIT experts at booth #9 in the Trailblazer Forest and our CodeScan experts at booth #1700 in the Campground!
1
2
452
6 Sep 2023
#DF23 countdown is on and AutoRABIT has a treat for all adventurers! Visit CodeScan at booth 1700 to grab your map. Demos at our booths & hidden pirates across the venue get you stamps. Collect them all, win swag grand prizes🏆! Learn More: bit.ly/3r1w9h8
1
2
213
29 Aug 2023
#CodeScan is making it even easier to enhance your ability to maintain high-quality code and improve your security posture. An additional quality gate, revamped interface, efficient key shortcuts, and more. Learn all about it in our blog. bit.ly/45vkCWk
2
88
15 Aug 2023
⏰ Less than 24 hours until @MidWest_Dreamin! Get ready to meet #CharlieRABIT and connect with our amazing CodeScan by AutoRABIT team for a look at our static code analysis tool. 👀 See you #Trailblazers tomorrow at Booth 18! 🐰 #MWD23
2
4
265