My experience with LLM Code Review vs Deterministic SAST Security Tools
The post looks at how large language models (LLMs) perform in code review: they outperform existing static analysis (SAST) tools on subjective questions that require context, but are only as good, or worse, when the goal is an objective, deterministic result. Although AI draws a lot of commercial attention, practitioners tend to view it negatively; the author summarizes in a blog post what AI is actually good at in code review. 2025-10-3 21:23:53 Author: www.reddit.com (view original)

TLDR: LLMs generally perform better than existing SAST tools when you need to answer a subjective question that requires context (i.e. lots of ways to define one thing), but only as good (or worse) when looking for an objective, deterministic output.

AI is all the hype commercially, but at the same time has a pretty negative sentiment from practitioners (at least in my experience). It's true there are lots of reasons NOT to use AI, but I wrote a blog post that tries to summarize what AI is actually good at with regard to reviewing code.


Source: https://www.reddit.com/r/netsec/comments/1nxbmo0/my_experience_with_llm_code_review_vs/