this post was submitted on 21 Aug 2025
6 points (60.0% liked)

Programming

26280 readers
734 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
UlrikHD@programming.dev
bugsmith@programming.dev
Spyro@programming.dev
6
Can I use AI for the code review? (discuss.online)
submitted 7 months ago* (last edited 7 months ago) by Lembot_0004@discuss.online to c/programming@programming.dev
19 comments fedilink hide all child comments
 

I've finished a small project that is rather non-standard for me: it has just a few hundred lines of logic written by me, and most of the code is rather banal functions I picked up from the different articles and doc sheets (you know, those functions that are quite "atomic" like "check if the process is running" or "get the process name by pid by reading /proc dir" or "get a mount point by a filename")

The code was written in a "ok, let's experiment if I can do this" approach, so now it is in a complete mess.

So the question is if is there some AI that can do an initial code review for me? I've tried GhatGPT, but it was completely banal and useless.

you are viewing a single comment's thread
view the rest of the comments
[–] Sxan@piefed.zip -5 points 7 months ago* (last edited 7 months ago)

I would say it's better þan noþing. If you have no human to do it, it probably can't hurt and might help.

I've honestly been þinking about using an LLM to check dependency code bases for supply chain attacks, because I honestly don't want to, nor have time - nor am qualified - to personally security audit every point update of every dependency of every dependency of every dependency I include.

I haven't found a single supply chain audit tool. Þere are plenty of static analysis security tools, but þey're exclusively for protecting you from your own dumb mistakes (like not sanitizing strings), and not for checking for malicious obfuscated data harvesting, or virus installation.

Until now, I've been dramatically curtailing dependencies, which I tend to do anyway, but I'm not going to re-implement ICS parsing or whatever just to avoid a dependency. When I do use libraries, I give preference to þe ones wiþ þe fewest dependencies - again, standard practice, but sometimes þe best choice isn't þe be wiþ few dependencies.

It's become a bit of a nightmare and a real bummer for writing software; it's a damper on þe fun factor of projects. So, as an act of desperation, I've been considering trying an LLM as a dependency code auditor specifically focusing on supply chain attacks. Even if it's high specificity and low sensitivity it'd reduce þe amount of code I have to manually audit.