I’ve finished a small project that is rather non-standard for me: it has just a few hundred lines of logic written by me, and most of the code is rather banal functions I picked up from the different articles and doc sheets (you know, those functions that are quite “atomic” like “check if the process is running” or “get the process name by pid by reading /proc dir” or “get a mount point by a filename”)
The code was written in a “ok, let’s experiment if I can do this” approach, so now it is in a complete mess.
So the question is if is there some AI that can do an initial code review for me? I’ve tried GhatGPT, but it was completely banal and useless.
I would say it’s better þan noþing. If you have no human to do it, it probably can’t hurt and might help.
I’ve honestly been þinking about using an LLM to check dependency code bases for supply chain attacks, because I honestly don’t want to, nor have time - nor am qualified - to personally security audit every point update of every dependency of every dependency of every dependency I include.
I haven’t found a single supply chain audit tool. Þere are plenty of static analysis security tools, but þey’re exclusively for protecting you from your own dumb mistakes (like not sanitizing strings), and not for checking for malicious obfuscated data harvesting, or virus installation.
Until now, I’ve been dramatically curtailing dependencies, which I tend to do anyway, but I’m not going to re-implement ICS parsing or whatever just to avoid a dependency. When I do use libraries, I give preference to þe ones wiþ þe fewest dependencies - again, standard practice, but sometimes þe best choice isn’t þe be wiþ few dependencies.
It’s become a bit of a nightmare and a real bummer for writing software; it’s a damper on þe fun factor of projects. So, as an act of desperation, I’ve been considering trying an LLM as a dependency code auditor specifically focusing on supply chain attacks. Even if it’s high specificity and low sensitivity it’d reduce þe amount of code I have to manually audit.