
Project Group: AI-Based Software Analysis ChatBot for Security (SASTBot)

Project Group

Recent advances in large language models (LLMs) such as ChatGPT, GPT-4, Luminous, Llama, and Bart have provided researchers and end-users with remarkable artificial intelligence tools that can be used for various tasks. In software engineering, LLMs can be used to generate, complete, and refactor code, as well as to detect bugs and generate documentation. Some of these LLMs can perform Static Application Security Testing (SAST), but how well can these tools perform static analysis and what are their limitations? Are there ways for LLMs and SAST to work together and support each other?

What you will do

In this project group, we want to develop a ChatBot plugin for the IntelliJ Integrated Development Environment (IDE) that can analyze, explain, and improve Java code. In addition to the SAST capabilities of the LLMs, we intend to use one or more of the static analysis tools developed and maintained by the Secure Software Engineering Group. A mockup of the plugin is shown in the image below.

For example, a developer might ask: "Is there a cross-site scripting vulnerability in this class?" The chatbot should then run the static analysis in the background and present the results to the user in an easy-to-understand manner. Other questions or prompts that give an idea of what the plugin should be able to do are:

  1. Create a Java function to get the current date.
  2. Explain what this class does.
  3. How can I improve this code?
  4. Check my code for bugs and errors.
  5. Find security vulnerabilities in my code.

What you bring to the table

The tasks in the project group fall into three major categories:

  1. Software Engineering: This area covers software architecture, engineering, and research tasks. Specific project tasks include IntelliJ plugin development, problem definition, and testing.
  2. Static Analysis: In this area, you will work closely with the static analysis tools that run in the backend of SASTBot. This includes evaluating and selecting static analysis tools and integrating the chosen tool(s) into the plugin.
  3. Artificial Intelligence: In this area, you will be the go-to person for everything related to artificial intelligence, such as working with the Large Language Model (LLM), Natural Language Processing (NLP), and other AI-related tasks. Specifically, you will identify which AI tools and frameworks can be integrated and oversee their integration.

We don't expect you to be an expert in any of these areas. If you are interested in learning new things and building tools to help software engineers develop better software, then you are on the right track. 

What you can expect

In this project group, we will use agile software development to deliver the final product, and you can expect the following:

  1. You will have the freedom and flexibility to choose your own technology and tool stack and to bring in your own ideas.
  2. You will learn how to combine existing technologies and tools from different domains (AI and static analysis) to build a new product.
  3. You will use cutting-edge technologies in a real-world scenario in an applied research context.