Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Bugdar: AI-Augmented Secure Code Review for GitHub Pull Requests

John Naulty, Eason Chen, Joy Wang, George Digkas, Kostas Chalkias

TL;DR

Bugdar presents an AI-augmented secure code review system integrated into GitHub pull requests, addressing the trade-off between speed and accuracy in vulnerability detection. By fusing fine-tuned large language models with Retrieval Augmented Generation, it delivers context-aware, project-specific security feedback across Move, Solidity, Rust, and Python, achieving substantial time Savings (≈56.4 seconds per PR) while maintaining actionable remediation guidance. The work demonstrates improved vulnerability detection and commentary quality, supported by real-world PR datasets, quantitative metrics, case studies, and preliminary user studies, though it also acknowledges limitations in language coverage and domain-specific understanding. Overall, Bugdar enables proactive secure coding within developer workflows, potentially accelerating secure software delivery without compromising productivity.

Abstract

As software systems grow increasingly complex, ensuring security during development poses significant challenges. Traditional manual code audits are often expensive, time-intensive, and ill-suited for fast-paced workflows, while automated tools frequently suffer from high false-positive rates, limiting their reliability. To address these issues, we introduce Bugdar, an AI-augmented code review system that integrates seamlessly into GitHub pull requests, providing near real-time, context-aware vulnerability analysis. Bugdar leverages fine-tunable Large Language Models (LLMs) and Retrieval Augmented Generation (RAGs) to deliver project-specific, actionable feedback that aligns with each codebase's unique requirements and developer practices. Supporting multiple programming languages, including Solidity, Move, Rust, and Python, Bugdar demonstrates exceptional efficiency, processing an average of 56.4 seconds per pull request or 30 lines of code per second. This is significantly faster than manual reviews, which could take hours per pull request. By facilitating a proactive approach to secure coding, Bugdar reduces the reliance on manual reviews, accelerates development cycles, and enhances the security posture of software systems without compromising productivity.

Bugdar: AI-Augmented Secure Code Review for GitHub Pull Requests

TL;DR

Bugdar presents an AI-augmented secure code review system integrated into GitHub pull requests, addressing the trade-off between speed and accuracy in vulnerability detection. By fusing fine-tuned large language models with Retrieval Augmented Generation, it delivers context-aware, project-specific security feedback across Move, Solidity, Rust, and Python, achieving substantial time Savings (≈56.4 seconds per PR) while maintaining actionable remediation guidance. The work demonstrates improved vulnerability detection and commentary quality, supported by real-world PR datasets, quantitative metrics, case studies, and preliminary user studies, though it also acknowledges limitations in language coverage and domain-specific understanding. Overall, Bugdar enables proactive secure coding within developer workflows, potentially accelerating secure software delivery without compromising productivity.

Abstract

As software systems grow increasingly complex, ensuring security during development poses significant challenges. Traditional manual code audits are often expensive, time-intensive, and ill-suited for fast-paced workflows, while automated tools frequently suffer from high false-positive rates, limiting their reliability. To address these issues, we introduce Bugdar, an AI-augmented code review system that integrates seamlessly into GitHub pull requests, providing near real-time, context-aware vulnerability analysis. Bugdar leverages fine-tunable Large Language Models (LLMs) and Retrieval Augmented Generation (RAGs) to deliver project-specific, actionable feedback that aligns with each codebase's unique requirements and developer practices. Supporting multiple programming languages, including Solidity, Move, Rust, and Python, Bugdar demonstrates exceptional efficiency, processing an average of 56.4 seconds per pull request or 30 lines of code per second. This is significantly faster than manual reviews, which could take hours per pull request. By facilitating a proactive approach to secure coding, Bugdar reduces the reliance on manual reviews, accelerates development cycles, and enhances the security posture of software systems without compromising productivity.

Paper Structure

This paper contains 16 sections, 1 figure, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. System Development
  4. System Architecture
  5. Analysis Workflow
  6. Dataset
  7. Evaluation Metrics:
  8. Results
  9. Quantitative Results
  10. Time Spent
  11. Case Studies
  12. User Studies
  13. Discussion
  14. Strengths, Challenges, and Limitation
  15. Future Directions
  16. ...and 1 more sections

Figures (1)

  • Figure 1: The diagram illustrated the architecture of the Bugdar system.