ScanOps QLoRA v4 โ€” Security Vulnerability Detection

QLoRA fine-tuned Qwen2.5-Coder-1.5B-Instruct for CVE/CWE vulnerability analysis.

What's New in v4

  • Full retrain from scratch โ€” no catastrophic forgetting
  • 1,000 training samples (367 original + 633 new)
  • CWE Top-25 full coverage (2023)
  • CVSS base score output โ€” new field in response
  • 35 CWE types across Python, Node.js, Java, React, Go, Ruby, PHP, C, GitHub Actions

Model Details

  • Base: Qwen/Qwen2.5-Coder-1.5B-Instruct
  • Fine-tuning: QLoRA (r=32, alpha=64, 3 epochs, cosine schedule)
  • Training data: 1,000 samples, 35 CWE types, 9 languages
  • Quantization: Q4_K_M (GGUF)
  • Target detection rate: 98%+

Response Format

VULNERABILITY: CWE-89 SQL Injection
SEVERITY: CRITICAL
CVSS: 9.8
ATTACK: ๊ณต๊ฒฉ์ž๊ฐ€ username ํŒŒ๋ผ๋ฏธํ„ฐ์— ' OR 1=1-- ๋ฅผ ์ฃผ์ž…ํ•ด ์ธ์ฆ์„ ์šฐํšŒํ•ฉ๋‹ˆ๋‹ค.
FIX:
cursor.execute("SELECT * FROM users WHERE id=%s", (user_id,))

Usage with Ollama

ollama pull hf.co/SehanKim/qwen2.5-coder-security-v4-gguf:Q4_K_M
Downloads last month
58
GGUF
Model size
2B params
Architecture
qwen2
Hardware compatibility
Log In to add your hardware

4-bit

Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support