Enhancing Static Code Analysis with AI-Assisted Detection of Security Vulnerabilities and Code Quality Issues
摘要
Static code analysis is fundamental for identifying security vulnerabilities and improving software quality; however, in most cases, it relies on predefined rule sets, leading to high false-positive and false-negative rates and reducing its effectiveness in detecting complex security flaws. This paper presents a framework for AI-assisted static code analysis that combines machine learning and natural language processing to improve the detection of vulnerabilities, lower the number of false alarms, and give automated suggestions for how to make code better. The proposed methodology refines security assessments by leveraging AI models trained on large-scale datasets of secure and insecure code, enabling contextual analysis beyond syntax-based detection. The experimental evaluation demonstrates the approach’s effectiveness in improving detection accuracy and assisting developers in secure coding practices. The results highlight the potential of AI-enhanced static code analysis in proactively mitigating security risks, improving software maintainability, and reducing developer workload. This research contributes to the field of AI-driven cybersecurity, addressing the limitations of conventional static analysis.