Saved in:
Bibliographic Details
Main Authors: Centellas-Claros, Leonardo, Alonso-Lecaros, Juan J., Alcocer, Juan Pablo Sandoval, Neyem, Andres
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.16310
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910916909465600
author Centellas-Claros, Leonardo
Alonso-Lecaros, Juan J.
Alcocer, Juan Pablo Sandoval
Neyem, Andres
author_facet Centellas-Claros, Leonardo
Alonso-Lecaros, Juan J.
Alcocer, Juan Pablo Sandoval
Neyem, Andres
contents Automation of code reviews using AI models has garnered substantial attention in the software engineering community as a strategy to reduce the cost and effort associated with traditional peer review processes. These models are typically trained on extensive datasets of real-world code reviews that address diverse software development concerns, including testing, refactoring, bug fixes, performance optimization, and maintainability improvements. However, a notable limitation of these datasets is the under representation of code vulnerabilities, critical flaws that pose significant security risks, with security-focused reviews comprising a small fraction of the data. This scarcity of vulnerability-specific data restricts the effectiveness of AI models in identifying and commenting on security-critical code. To address this issue, we propose the creation of a synthetic dataset consisting of vulnerability-focused reviews that specifically comment on security flaws. Our approach leverages Large Language Models (LLMs) to generate human-like code review comments for vulnerabilities, using insights derived from code differences and commit messages. To evaluate the usefulness of the generated synthetic dataset, we plan to use it to fine-tune three existing code review models. We anticipate that the synthetic dataset will improve the performance of the original code review models.
format Preprint
id arxiv_https___arxiv_org_abs_2504_16310
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Improving Automated Secure Code Reviews: A Synthetic Dataset for Code Vulnerability Flaws
Centellas-Claros, Leonardo
Alonso-Lecaros, Juan J.
Alcocer, Juan Pablo Sandoval
Neyem, Andres
Software Engineering
Automation of code reviews using AI models has garnered substantial attention in the software engineering community as a strategy to reduce the cost and effort associated with traditional peer review processes. These models are typically trained on extensive datasets of real-world code reviews that address diverse software development concerns, including testing, refactoring, bug fixes, performance optimization, and maintainability improvements. However, a notable limitation of these datasets is the under representation of code vulnerabilities, critical flaws that pose significant security risks, with security-focused reviews comprising a small fraction of the data. This scarcity of vulnerability-specific data restricts the effectiveness of AI models in identifying and commenting on security-critical code. To address this issue, we propose the creation of a synthetic dataset consisting of vulnerability-focused reviews that specifically comment on security flaws. Our approach leverages Large Language Models (LLMs) to generate human-like code review comments for vulnerabilities, using insights derived from code differences and commit messages. To evaluate the usefulness of the generated synthetic dataset, we plan to use it to fine-tune three existing code review models. We anticipate that the synthetic dataset will improve the performance of the original code review models.
title Improving Automated Secure Code Reviews: A Synthetic Dataset for Code Vulnerability Flaws
topic Software Engineering
url https://arxiv.org/abs/2504.16310