kon-security-v5

Expert Security Code Reviewer - A fine-tuned Qwen2.5-Coder-7B model specialized for security vulnerability detection and false positive reduction in SAST (Static Application Security Testing) pipelines.

Model Details

Property	Value
Base Model	Qwen2.5-Coder-7B-Instruct
Fine-tuning	QLoRA (4-bit quantization)
Quantization	Q4_K_M (GGUF)
Parameters	7.6B
Context Length	32,768 tokens
File Size	~4.7 GB
Format	GGUF (Ollama-compatible)

Performance

Metric	Score
Overall Accuracy	98.1%
F1 Score	0.99
False Positive Rate	0.0%
JSON Compliance	100%
Avg Response Time	2.8s

Capabilities

Identifies true security vulnerabilities across 20+ vulnerability categories
Eliminates false positives from SAST tools (SQL injection, XSS, command injection, etc.)
Provides structured JSON output with verdict, confidence, CWE IDs, severity, and remediation
Understands framework-specific safe patterns (React, Django, Express, Rails, etc.)
Supports taint analysis reasoning (source-to-sink tracking)

Vulnerability Categories

CRITICAL: SQL Injection (CWE-89), Command Injection (CWE-78), Deserialization (CWE-502), Hardcoded Secrets (CWE-798), Code Injection (CWE-94)

HIGH: XSS (CWE-79), Path Traversal (CWE-22), SSRF (CWE-918), Timing Attacks (CWE-208), Buffer Overflow (CWE-120)

MEDIUM: Weak Crypto (CWE-327), Insecure Random (CWE-330), Information Disclosure (CWE-200), Missing Auth (CWE-306)

Usage with Ollama

# Pull the model
ollama pull kon-security/kon-security-v5

# Or create from GGUF
ollama create kon-security-v5 -f Modelfile

# Run
ollama run kon-security-v5

Example Prompt

<|im_start|>system
You are an expert security code reviewer...
<|im_end|>
<|im_start|>user
Analyze this code for SQL injection:
query = f"SELECT * FROM users WHERE id = {user_id}"
<|im_end|>
<|im_start|>assistant

Example Response

{
  "verdict": "TRUE_POSITIVE",
  "is_vulnerable": true,
  "confidence": 0.97,
  "cwe_ids": ["CWE-89"],
  "severity": "CRITICAL",
  "reasoning": "f-string interpolates user_id directly into SQL query without parameterization",
  "remediation": "cursor.execute('SELECT * FROM users WHERE id = ?', (user_id,))"
}

System Prompt

The model is fine-tuned with the following system prompt baked in:

You are an expert security code reviewer specializing in identifying true
vulnerabilities and eliminating false positives. You analyze code with deep
understanding of security patterns across all languages and frameworks.

CRITICAL RULES:
1. Parameterized queries (?, $1, %s, :param) = SAFE from SQL injection
2. textContent, createTextNode = SAFE from XSS
3. React JSX {variable} = SAFE from XSS (React auto-escapes)
4. subprocess.run([list, args]) without shell=True = SAFE from command injection
5. json.loads/JSON.parse = SAFE (cannot execute code)
6. secure_filename() from werkzeug = SAFE from path traversal
7. bcrypt/argon2/scrypt for password hashing = SAFE
8. HMAC.compare_digest/timingSafeEqual = SAFE from timing attacks
9. DOMPurify.sanitize() = SAFE from XSS
10. MD5/SHA1 for non-security purposes (checksums, cache keys) = SAFE
11. Test files testing security scanners = SAFE
12. Environment variables for secrets = SAFE (not hardcoded)
13. ORM methods (Django .filter(), Rails .where(hash), SQLAlchemy) = SAFE from SQLi
14. Content-Security-Policy, helmet(), CORS allowlists = SAFE

Integration with Kon Security Scanner

This model is the default LLM for the Kon Security Scanner, providing:

SAST finding validation and FP reduction
CWE ID mapping
Severity assessment
Remediation suggestions

from kon.core.ollama_analyzer import OllamaAnalyzer

analyzer = OllamaAnalyzer(model="kon-security-v5:latest")
result = analyzer.analyze_finding_enhanced(
    code_snippet="query = f'SELECT * FROM users WHERE id = {user_id}'",
    vulnerability_type="SQL Injection",
    file_path="app/db.py",
    line_number=42
)
print(result.verdict)  # TRUE_POSITIVE

Training Details

Method: QLoRA (4-bit quantization-aware fine-tuning)
Base: Qwen2.5-Coder-7B-Instruct
Dataset: Curated security code review examples covering 20+ CWE categories
Hardware: NVIDIA GPU with CUDA support
Quantization: Q4_K_M via llama.cpp

License

Apache 2.0 (same as base model)

Downloads last month: 9

GGUF

Model size

8B params

Architecture

qwen2

Hardware compatibility

4-bit

Model tree for HTS-One/kon-security-v5

Base model

Qwen/Qwen2.5-7B

Finetuned

Qwen/Qwen2.5-Coder-7B

Finetuned

Qwen/Qwen2.5-Coder-7B-Instruct

Quantized

(162)

this model

Evaluation results

Accuracy
self-reported

98.100
F1 Score
self-reported

0.990
False Positive Rate
self-reported

0.000
JSON Compliance
self-reported

100.000