|
|
--- |
|
|
base_model: unsloth/llama-3-8b-Instruct-bnb-4bit |
|
|
tags: |
|
|
- text-generation-inference |
|
|
- transformers |
|
|
- unsloth |
|
|
- llama |
|
|
- security |
|
|
- code-generation |
|
|
- cybersecurity |
|
|
- llama-3 |
|
|
- unsloth |
|
|
- fine-tune |
|
|
license: apache-2.0 |
|
|
datasets: |
|
|
- custom-vulnerability-fix-dataset |
|
|
metrics: |
|
|
- code_eval |
|
|
language: |
|
|
- en |
|
|
--- |
|
|
|
|
|
Jack: The Secure Code Agent (Llama-3 8B) |
|
|
|
|
|
**Jack** is a specialized fine-tune of Llama-3 8B, engineered to detect and fix security vulnerabilities in Python code. It acts as an automated security auditor, taking insecure code as input and outputting a hardened, secure version. |
|
|
|
|
|
## Key Metrics |
|
|
| Metric | Score | Description | |
|
|
| :--- | :--- | :--- | |
|
|
| **Bandit Pass Rate** | **88.0%** | Percentage of fixes that pass the Bandit static analysis security tool. | |
|
|
| **BLEU Score** | **69.27** | High structural similarity to human-expert security patches. | |
|
|
|
|
|
## Quick Start |
|
|
You can use this model directly via the Hugging Face Inference API or load it locally. |
|
|
|
|
|
### Inference API (Serverless) |
|
|
```python |
|
|
import requests |
|
|
|
|
|
API_URL = "[https://api-inference.huggingface.co/models/oke39/llama3-8b-secure-code](https://api-inference.huggingface.co/models/oke39/llama3-8b-secure-code)" |
|
|
headers = {"Authorization": "Bearer YOUR_HF_TOKEN"} |
|
|
|
|
|
payload = { |
|
|
"inputs": """<|begin_of_text|><|start_header_id|>system<|end_header_id|> |
|
|
|
|
|
You are Jack, a Secure Code Agent. Fix the security vulnerability in the provided code.<|eot_id|><|start_header_id|>user<|end_header_id|> |
|
|
|
|
|
def login(username, password): |
|
|
# Vulnerable SQL Injection |
|
|
query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'" |
|
|
cursor.execute(query)<|eot_id|><|start_header_id|>assistant<|end_header_id|> |
|
|
""" |
|
|
} |
|
|
|
|
|
response = requests.post(API_URL, headers=headers, json=payload) |
|
|
print(response.json()) |
|
|
``` |
|
|
|
|
|
# Training Details |
|
|
- **Dataset:** [Vulnerability Fix Dataset](https://www.kaggle.com/datasets/jiscecseaiml/vulnerability-fix-dataset) |
|
|
- **Vulnerabilities Covered:** SQL Injection, XSS, Command Injection, Insecure Deserialization, Hardcoded Credentials. |
|
|
|
|
|
# Training Details |
|
|
- **GGUF Version:** [oke39/llama3-8b-secure-code-gguf](https://huggingface.co/oke39/llama3-8b-secure-code-gguf) |
|
|
- **MLflow Experiment Tracking:** [Dasgshub Project](https://dagshub.com/oke39/llama3-code-agent) |
|
|
|
|
|
# Uploaded finetuned model |
|
|
|
|
|
- **Developed by:** oke39 |
|
|
- **License:** apache-2.0 |
|
|
- **Finetuned from model :** unsloth/llama-3-8b-Instruct-bnb-4bit |
|
|
|
|
|
This llama model was trained 2x faster with [Unsloth](https://github.com/unslothai/unsloth) and Huggingface's TRL library. |
|
|
|
|
|
[<img src="https://raw.githubusercontent.com/unslothai/unsloth/main/images/unsloth%20made%20with%20love.png" width="200"/>](https://github.com/unslothai/unsloth) |
|
|
|
