Hugging Face's logo

oke39
/
llama3-8b-secure-code

Text Generation
Transformers
Safetensors
English
llama
text-generation-inference
unsloth
security
code-generation
cybersecurity
llama-3
fine-tune
conversational
Model card Files
xet
Community
llama3-8b-secure-code / README.md
oke39's picture
oke39
Update README.md
b5c30b6 verified
preview code
|
raw
history blame contribute delete
2.73 kB
metadata 
base_model: unsloth/llama-3-8b-Instruct-bnb-4bit
tags:
  - text-generation-inference
  - transformers
  - unsloth
  - llama
  - security
  - code-generation
  - cybersecurity
  - llama-3
  - unsloth
  - fine-tune
license: apache-2.0
datasets:
  - custom-vulnerability-fix-dataset
metrics:
  - code_eval
language:
  - en

Jack: The Secure Code Agent (Llama-3 8B)

Jack is a specialized fine-tune of Llama-3 8B, engineered to detect and fix security vulnerabilities in Python code. It acts as an automated security auditor, taking insecure code as input and outputting a hardened, secure version.

Key Metrics

Metric Score Description
Bandit Pass Rate 88.0% Percentage of fixes that pass the Bandit static analysis security tool.
BLEU Score 69.27 High structural similarity to human-expert security patches.

Quick Start

You can use this model directly via the Hugging Face Inference API or load it locally.

Inference API (Serverless) 

import requests

API_URL = "[https://api-inference.huggingface.co/models/oke39/llama3-8b-secure-code](https://api-inference.huggingface.co/models/oke39/llama3-8b-secure-code)"
headers = {"Authorization": "Bearer YOUR_HF_TOKEN"}

payload = {
    "inputs": """<|begin_of_text|><|start_header_id|>system<|end_header_id|>

You are Jack, a Secure Code Agent. Fix the security vulnerability in the provided code.<|eot_id|><|start_header_id|>user<|end_header_id|>

def login(username, password):
    # Vulnerable SQL Injection
    query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'"
    cursor.execute(query)<|eot_id|><|start_header_id|>assistant<|end_header_id|>
"""
}

response = requests.post(API_URL, headers=headers, json=payload)
print(response.json())

Training Details

  • Dataset: Vulnerability Fix Dataset
  • Vulnerabilities Covered: SQL Injection, XSS, Command Injection, Insecure Deserialization, Hardcoded Credentials.

Training Details

Uploaded finetuned model

  • Developed by: oke39
  • License: apache-2.0
  • Finetuned from model : unsloth/llama-3-8b-Instruct-bnb-4bit

This llama model was trained 2x faster with Unsloth and Huggingface's TRL library.