oke39/llama3-8b-secure-code

Jack: The Secure Code Agent (Llama-3 8B)

Jack is a specialized fine-tune of Llama-3 8B, engineered to detect and fix security vulnerabilities in Python code. It acts as an automated security auditor, taking insecure code as input and outputting a hardened, secure version.

Key Metrics

Metric	Score	Description
Bandit Pass Rate	88.0%	Percentage of fixes that pass the Bandit static analysis security tool.
BLEU Score	69.27	High structural similarity to human-expert security patches.

Quick Start

You can use this model directly via the Hugging Face Inference API or load it locally.

Inference API (Serverless)

import requests

API_URL = "[/static-proxy?url=https%3A%2F%2Fapi-inference.huggingface.co%2Fmodels%2Foke39%2Fllama3-8b-secure-code%5D(https%3A%2F%2Fapi-inference.huggingface.co%2Fmodels%2Foke39%2Fllama3-8b-secure-code)"
headers = {"Authorization": "Bearer YOUR_HF_TOKEN"}

payload = {
    "inputs": """<|begin_of_text|><|start_header_id|>system<|end_header_id|>

You are Jack, a Secure Code Agent. Fix the security vulnerability in the provided code.<|eot_id|><|start_header_id|>user<|end_header_id|>

def login(username, password):
    # Vulnerable SQL Injection
    query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'"
    cursor.execute(query)<|eot_id|><|start_header_id|>assistant<|end_header_id|>
"""
}

response = requests.post(API_URL, headers=headers, json=payload)
print(response.json())

Training Details

• Dataset: Vulnerability Fix Dataset
• Vulnerabilities Covered: SQL Injection, XSS, Command Injection, Insecure Deserialization, Hardcoded Credentials.

Training Details

• GGUF Version: oke39/llama3-8b-secure-code-gguf
• MLflow Experiment Tracking: Dasgshub Project

Uploaded finetuned model

• Developed by: oke39
• License: apache-2.0
• Finetuned from model : unsloth/llama-3-8b-Instruct-bnb-4bit

This llama model was trained 2x faster with Unsloth and Huggingface's TRL library.