Details
Abstract
Although JavaScript is one of the most widely used programming languages, prior studies have not compared the vulnerability detection performance of SAST tools and LLMs for JavaScript code. This study benchmarked four LLMs (GPT-4, GPT-3.5, Mistral, and Meta-LLaMA-3-8B) against the SAST tool Semgrep using a real-world JavaScript vulnerability dataset. GPT-4 achieved the highest accuracy and the lowest false positive rate. These findings suggest the potential to replace traditional SAST tools with LLMs for JavaScript vulnerability detection.
Keywords
CVE; JavaScript; LLM; SAST
- Title
- SAST 도구와 LLM 모델의 취약점 탐지 성능 비교
- Title (other language)
- A Comparative Study on the Vulnerability Detection Performance of SAST Tools and LLM Models
- Authors
- 장홍서; 박선주; 정윤지; 최윤정; 박수현
- Publication date
- 2025-07
- Type
- N
- Journal name
- 2025년 한국정보기술전략혁신학회 하계 학술대회 논문집
- Pages
- 12 ~ 14