Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code
It addresses the problem of generating secure code for developers, but appears incremental as it combines existing methods into a unified system.
The paper introduces SGCode, a system that integrates prompt optimization with large language models to generate secure code free of vulnerabilities, showing it is practical with only marginal cost compared to standard LLM prompting.
This paper introduces SGCode, a flexible prompt-optimizing system to generate secure code with large language models (LLMs). SGCode integrates recent prompt-optimization approaches with LLMs in a unified system accessible through front-end and back-end APIs, enabling users to 1) generate secure code, which is free of vulnerabilities, 2) review and share security analysis, and 3) easily switch from one prompt optimization approach to another, while providing insights on model and system performance. We populated SGCode on an AWS server with PromSec, an approach that optimizes prompts by combining an LLM and security tools with a lightweight generative adversarial graph neural network to detect and fix security vulnerabilities in the generated code. Extensive experiments show that SGCode is practical as a public tool to gain insights into the trade-offs between model utility, secure code generation, and system cost. SGCode has only a marginal cost compared with prompting LLMs. SGCode is available at: https://sgcode.codes/.