mahdin70
/

graphcodebert-devign-code-vulnerability-detector

@@ -1,199 +1,123 @@
 ---
 library_name: transformers
-tags: []
 ---
-# Model Card for Model ID
-<!-- Provide a quick summary of what the model is/does. -->
 ## Model Details
-### Model Description
-<!-- Provide a longer summary of what this model is. -->
-This is the model card of a 🤗 transformers model that has been pushed on the Hub. This model card has been automatically generated.
-- **Developed by:** [More Information Needed]
-- **Funded by [optional]:** [More Information Needed]
-- **Shared by [optional]:** [More Information Needed]
-- **Model type:** [More Information Needed]
-- **Language(s) (NLP):** [More Information Needed]
-- **License:** [More Information Needed]
-- **Finetuned from model [optional]:** [More Information Needed]
-### Model Sources [optional]
-<!-- Provide the basic links for the model. -->
-- **Repository:** [More Information Needed]
-- **Paper [optional]:** [More Information Needed]
-- **Demo [optional]:** [More Information Needed]
 ## Uses
-<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
 ### Direct Use
-<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
-[More Information Needed]
-### Downstream Use [optional]
-<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
-[More Information Needed]
 ### Out-of-Scope Use
-<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
-[More Information Needed]
 ## Bias, Risks, and Limitations
-<!-- This section is meant to convey both technical and sociotechnical limitations. -->
-[More Information Needed]
-### Recommendations
-<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
-Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
-## How to Get Started with the Model
-Use the code below to get started with the model.
-[More Information Needed]
 ## Training Details
 ### Training Data
-<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
-[More Information Needed]
 ### Training Procedure
-<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
-#### Preprocessing [optional]
-[More Information Needed]
-#### Training Hyperparameters
-- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
-#### Speeds, Sizes, Times [optional]
-<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
-[More Information Needed]
-## Evaluation
-<!-- This section describes the evaluation protocols and provides the results. -->
-### Testing Data, Factors & Metrics
-#### Testing Data
-<!-- This should link to a Dataset Card if possible. -->
-[More Information Needed]
-#### Factors
-<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
-[More Information Needed]
-#### Metrics
-<!-- These are the evaluation metrics being used, ideally with a description of why. -->
-[More Information Needed]
-### Results
-[More Information Needed]
-#### Summary
-## Model Examination [optional]
-<!-- Relevant interpretability work for the model goes here -->
-[More Information Needed]
 ## Environmental Impact
-<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
-Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
-- **Hardware Type:** [More Information Needed]
-- **Hours used:** [More Information Needed]
-- **Cloud Provider:** [More Information Needed]
-- **Compute Region:** [More Information Needed]
-- **Carbon Emitted:** [More Information Needed]
-## Technical Specifications [optional]
-### Model Architecture and Objective
-[More Information Needed]
-### Compute Infrastructure
-[More Information Needed]
-#### Hardware
-[More Information Needed]
-#### Software
-[More Information Needed]
-## Citation [optional]
-<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
-**BibTeX:**
-[More Information Needed]
-**APA:**
-[More Information Needed]
-## Glossary [optional]
-<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
-[More Information Needed]
-## More Information [optional]
-[More Information Needed]
-## Model Card Authors [optional]
-[More Information Needed]
-## Model Card Contact
-[More Information Needed]

 ---
 library_name: transformers
+tags:
+- Code
+- Vulnerability
+- Detection
+datasets:
+- DetectVul/devign
+language:
+- en
+base_model:
+- microsoft/graphcodebert-base
+license: mit
+metrics:
+- accuracy
+- precision
+- f1
+- recall
 ---
+## GraphCodeBERT for Code Vulnerability Detection
+## Model Summary
+This model is a fine-tuned version of **microsoft/graphcodebert-base**, optimized for detecting vulnerabilities in code. It is trained on the **DetectVul/devign** dataset.
+The model takes in a code snippet and classifies it as either **safe (0)** or **vulnerable (1)**.
 ## Model Details
+- **Developed by:** Mukit Mahdin
+- **Finetuned from:** `microsoft/graphcodebert-base`
+- **Language(s):** English (for code comments & metadata), C/C++
+- **License:** MIT
+- **Task:** Code vulnerability detection
+- **Dataset Used:** `DetectVul/devign`
+- **Architecture:** Transformer-based sequence classification
 ## Uses
 ### Direct Use
+This model can be used for **static code analysis**, security audits, and automatic vulnerability detection in software repositories. It is useful for:
+- **Developers**: To analyze their code for potential security flaws.
+- **Security Teams**: To scan repositories for known vulnerabilities.
+- **Researchers**: To study vulnerability detection in AI-powered systems.
+### Downstream Use
+This model can be integrated into **IDE plugins**, **CI/CD pipelines**, or **security scanners** to provide real-time vulnerability detection.
 ### Out-of-Scope Use
+- The model is **not meant to replace human security experts**.
+- It may not generalize well to **languages other than C/C++**.
+- False positives/negatives may occur due to dataset limitations.
 ## Bias, Risks, and Limitations
+- **False Positives & False Negatives:** The model may flag safe code as vulnerable or miss actual vulnerabilities.
+- **Limited to C/C++:** The model was trained on a dataset primarily composed of **C and C++ code**. It may not perform well on other languages.
+- **Dataset Bias:** The training data may not cover all possible vulnerabilities.
+### Recommendations
+Users should **not rely solely on the model** for security assessments. Instead, it should be used alongside **manual code review and static analysis tools**.
+## How to Get Started with the Model
+Use the code below to load the model and run inference on a sample code snippet:
+```python
+from transformers import AutoTokenizer, AutoModelForSequenceClassification
+import torch
+# Load the fine-tuned model
+tokenizer = AutoTokenizer.from_pretrained("microsoft/graphcodebert-base")
+model = AutoModelForSequenceClassification.from_pretrained("mahdin70/graphcodebert-devign-code-vulnerability-detector")
+# Sample code snippet
+code_snippet = '''
+void process(char *input) {
+    char buffer[50];
+    strcpy(buffer, input); // Potential buffer overflow
+}
+'''
+# Tokenize the input
+inputs = tokenizer(code_snippet, return_tensors="pt", truncation=True, padding="max_length", max_length=512)
+# Run inference
+with torch.no_grad():
+    outputs = model(**inputs)
+    predictions = torch.nn.functional.softmax(outputs.logits, dim=-1)
+    predicted_label = torch.argmax(predictions, dim=1).item()
+# Output the result
+print("Vulnerable Code" if predicted_label == 1 else "Safe Code")
+```
 ## Training Details
 ### Training Data
+- **Dataset:** `DetectVul/devign`
+- **Classes:** `0 (Safe)`, `1 (Vulnerable)`
+- **Size:** `21800` Code Snippets
 ### Training Procedure
+- **Optimizer:** AdamW
+- **Loss Function:** CrossEntropyLoss
+- **Batch Size:** 16
+- **Learning Rate:** 2e-05
+- **Epochs:** 3
+- **Hardware Used:** 2x T4 GPU
+### Metrics
+| Metric  | Score |
+|------------|-------------|
+| **Train Loss** | 0.6112 |
+| **Evaluation Loss** | 0.605983 |
+| **Accuracy** | 64.27% |
+| **F1 Score** | 51.8% |
+| **Precision** | 68.04% |
+| **Recall** | 41.9% |
 ## Environmental Impact
+| Factor  | Value |
+|-----------|----------|
+| **GPU Used** | 2x T4 GPU |
+| **Training Time** | ~1 hour |