---
id: wiki-2026-0508-deepcode-ai
title: DeepCode AI (Snyk Code)
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [DeepCode AI, Snyk Code, symbolic AI security, neuro-symbolic SAST, AI Fix]
duplicate_of: none
source_trust_level: B
confidence_score: 0.85
verification_status: applied
tags: [security, sast, snyk, deepcode, neuro-symbolic, ml-security, autofix, ai-code-analysis]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: SaaS
  framework: Snyk Code / DeepCode
---

# DeepCode AI (Snyk Code)

## One line

> **"Not an LLM: symbolic + neural combined."** 25M+ data flows, 19+ languages. Interfile analysis. Verified fix patterns learned from commits. An example of a modern hybrid (vs the LLM-only Corgea).

## Core differentiators

### Hybrid AI (vs LLM-only)

- Symbolic reasoning + neural network.
- Builds a semantic representation of the code.
- Fewer hallucinations.
- Interpretable results.

### Interfile dataflow

- Crosses file boundaries.
- Catches multi-module vulnerabilities.

### Commit-based fix patterns

- Learned from actual OSS fix commits.
- Verified patterns.
- Avoids LLM hallucination.

### History

- 2017: ETH spinoff (DeepCode).
- 2020: acquired by Snyk.
- 2024: DeepCode AI Fix.

### The Snyk stack

- **Snyk Code** (DeepCode-powered SAST).
- **Snyk Open Source** (SCA).
- **Snyk Container** (image scan).
- **Snyk IaC** (Terraform / K8s).

### vs alternatives

| Tool | Approach | Strength |
|---|---|---|
| Snyk Code (DeepCode) | Hybrid neuro-symbolic | Verified fix + low FP |
| Corgea | LLM-native | Business logic + autofix |
| Semgrep | Pattern + custom | Speed + control |
| SonarQube | Rule-based + AI | Quality gate |
| GitHub Advanced | Code scanning + Copilot Autofix | GitHub integration |

### Limitations

- Fewer of the emerging LLM-native features (Corgea).
- Enterprise SaaS pricing.
- Language-specific depth varies.
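To show why the interfile point matters, here is an added toy taint-propagation example (not DeepCode's or Snyk's code; the program, statement forms and sink kinds are constructed): analysed file by file, neither half of the source-to-sink path is visible, while following the call across files finds both sinks.

```python
# Constructed toy program: file -> function -> (params, statements). A request
# parameter read in routes.py reaches a SQL sink in db.py and the result flows
# back into an HTML sink; no single file holds a complete source-to-sink path.
PROGRAM = {
    "routes.py": {"handler": (["req"], [
        ("source", "uid"),                            # uid = req.args["id"]
        ("call", "row", "db.py", "lookup", ["uid"]),  # row = lookup(uid)
        ("sink", "row", "xss"),                       # return f"<p>{row}</p>"
    ])},
    "db.py": {"lookup": (["user_id"], [
        ("assign", "q", "user_id"),                   # q = "... WHERE id=" + user_id
        ("sink", "q", "sqli"),                        # cursor.execute(q)
        ("return", "q"),
    ])},
}

def _propagate(prog, file, fn, arg_taint, interfile, findings):
    """Walk one function's statements; returns True when its return value is tainted."""
    params, body = prog[file][fn]
    tainted = {p for p, t in zip(params, arg_taint) if t}
    returns_tainted = False
    for stmt in body:
        if stmt[0] == "source":                   # untrusted input enters here
            tainted.add(stmt[1])
        elif stmt[0] == "assign":                 # dst = src
            if stmt[2] in tainted:
                tainted.add(stmt[1])
            else:
                tainted.discard(stmt[1])
        elif stmt[0] == "call":                   # dst = callee(args)
            _, dst, cfile, cfn, args = stmt
            if cfile == file or interfile:
                ret = _propagate(prog, cfile, cfn, [a in tainted for a in args],
                                 interfile, findings)
            else:
                ret = False  # per-file analysis cannot see the callee; treats it as clean
            (tainted.add if ret else tainted.discard)(dst)
        elif stmt[0] == "sink" and stmt[1] in tainted:
            findings.append((f"{file}:{fn}", stmt[2]))
        elif stmt[0] == "return":
            returns_tainted = stmt[1] in tainted
    return returns_tainted

def analyze(prog, interfile):
    """Analyze every function from clean parameters; interfile=True follows calls across files."""
    findings = []
    for file, fns in prog.items():
        for fn, (params, _) in fns.items():
            _propagate(prog, file, fn, [False] * len(params), interfile, findings)
    return findings
```

`analyze(PROGRAM, False)` returns no findings at all, `analyze(PROGRAM, True)` reports the SQL injection in `db.py` and the XSS in `routes.py`.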
## 💻 Patterns (application: Snyk integration)

### CLI scan

```bash
npm install -g snyk
snyk auth
snyk code test                            # SAST
snyk code test --json                     # JSON output
snyk code test --severity-threshold=high  # gate on high and above
```

### CI integration

```yaml
- name: Snyk Code
  uses: snyk/actions/node@master
  env: { SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} }
  with:
    command: code test
    args: --severity-threshold=high --sarif-file-output=snyk-code.sarif
- name: Upload SARIF
  if: always()   # the test step exits non-zero on findings; still upload the SARIF
  uses: github/codeql-action/upload-sarif@v3
  with: { sarif_file: snyk-code.sarif }
```

### IDE integration

- VS Code: Snyk Security extension.
- IntelliJ / WebStorm: Snyk plugin.
- Inline findings, with a one-click fix.

### DeepCode AI Fix workflow

1. Vulnerability detected (e.g., SQL injection).
2. AI Fix retrieves a verified fix pattern.
3. A diff is proposed as a PR comment.
4. The developer reviews and merges.
5. Snyk re-tests to confirm the fix.

### Multi-tool layered security

```yaml
security_pipeline:
  pre_commit:
    - gitleaks            # secrets
  pr:
    - snyk_code           # SAST (DeepCode)
    - snyk_open_source    # SCA (CVE)
    - semgrep             # custom rules
    - corgea              # LLM-native (optional, in parallel)
  pre_deploy:
    - snyk_container      # image
    - cosign              # signing
  runtime:
    - falco
```

### Custom rules (Snyk + Semgrep complementary)

```yaml
# .snyk policy
ignore:
  'SNYK-CC-K8S-1':
    - '*':
        reason: 'Internal dev cluster — non-prod'
        expires: '2026-12-31T00:00:00Z'
```

```yaml
# Semgrep for org-specific rules
rules:
  - id: internal-deprecated-api
    languages: [javascript]   # required by Semgrep; language assumed for this example
    pattern: oldClient.deprecatedMethod(...)
    message: Use newClient instead.
    severity: WARNING
```

### Vulnerability triage

```python
# Example SLA policy (hours to remediate); the values are illustrative, tune them to your program.
SLA_HOURS = {'critical': 24, 'high': 72, 'medium': 168, 'low': 720}

def sla_for_severity(severity):
    return SLA_HOURS.get(severity.lower(), 720)

def triage_findings(snyk_findings):
    triaged = []
    for f in snyk_findings:
        priority = (
            f['severity_score']
            * f['exploit_maturity_factor']   # 0.5-2
            * f['reachability_factor']       # 0.3-1.5
        )
        triaged.append({
            **f,
            'priority': priority,
            'sla_hours': sla_for_severity(f['severity']),
        })
    return sorted(triaged, key=lambda x: -x['priority'])
```

### Auto-fix verification

```python
import ast

def parses_correctly(code):
    """Syntax check; assumes the patched unit is Python."""
    try:
        ast.parse(code)
        return True
    except SyntaxError:
        return False

def verify_fix(original_code, ai_proposed_fix, run_tests, scan):
    """run_tests(code) -> bool. scan(code) -> object whose .has_vuln is True while the
    originally reported issue is still present and whose .vulns lists every finding."""
    # 1. syntax check
    if not parses_correctly(ai_proposed_fix):
        return 'invalid syntax'
    # 2. tests still pass
    if not run_tests(ai_proposed_fix):
        return 'tests fail'
    # 3. vulnerability resolved
    fixed = scan(ai_proposed_fix)
    if fixed.has_vuln:
        return 'vuln remains'
    # 4. no new vuln introduced
    new_vulns = set(fixed.vulns) - set(scan(original_code).vulns)
    if new_vulns:
        return f'introduces new: {new_vulns}'
    return 'verified'
```

### SARIF (standard output)

```python
import json

def parse_sarif(sarif_file):
    with open(sarif_file) as f:
        data = json.load(f)
    findings = []
    for run in data.get('runs', []):
        for result in run.get('results', []):
            # a result may carry no location; SARIF defaults level to "warning"
            locs = result.get('locations') or []
            phys = locs[0].get('physicalLocation', {}) if locs else {}
            findings.append({
                'rule': result.get('ruleId'),
                'severity': result.get('level', 'warning'),
                'message': result.get('message', {}).get('text', ''),
                'file': phys.get('artifactLocation', {}).get('uri'),
                'line': phys.get('region', {}).get('startLine'),
            })
    return findings
```

### Suppress false positives

```js
// Snyk inline ignore
function safe_html(input) {
  // snyk-ignore: javascript/xss — input is sanitized at the boundary
  return `
${input}
`;
}
```

## Decision criteria

| Situation | Tool |
|---|---|
| Mid-to-large org with budget | Snyk Code (DeepCode) |
| AI-native focus | Corgea |
| Fast custom rules | Semgrep |
| Open-source self-host | Semgrep |
| GitHub native | GitHub Advanced Security |
| Enterprise compliance | Veracode / Checkmarx |

**Default**: Snyk + Semgrep, used complementarily.

## 🔗 Graph

- Parent: [[SAST]] · [[CI_CD 파이프라인 및 IDE 통합 보안|DevSecOps]]
- Variants: [[Snyk-Code]] · [[Symbolic-AI]] · [[Hybrid-AI]] · [[Neural-Symbolic-Integration|Neuro-Symbolic-AI]]
- Applications: [[Corgea]] · [[Semgrep]] · [[SonarQube]] · [[CI_CD 파이프라인 및 IDE 통합 보안]]
- Adjacent: [[AI 코드 리뷰 및 보안 취약점 점검(DevSecOps)]] · [[Custom-ESLint-Rules-Development]] · [[CodeScene]] · [[AI 생성 코드 검증(AI Code Assurance)]]

## 🤖 LLM use

**When**: enterprise SAST; multi-language; verified autofix.

**When not**: budget-tight (use Semgrep); air-gapped.

## ❌ Anti-patterns

- **Single tool**: no layered defense.
- **No triage**: alert fatigue.
- **Blind merge of AI Fix**: verification is still required.
- **No SARIF integration**: no single source of truth for the dashboard.

## 🧪 Verification / duplicates

- Verified (Snyk docs, DeepCode papers, ETH spinoff history).
- Trust level B.
- Related: [[Corgea]] · [[CI_CD 파이프라인 및 IDE 통합 보안]] · [[Custom-ESLint-Rules-Development]] · [[CodeScene]].

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: neuro-symbolic + CI / SARIF / triage / verify code |
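The SARIF parser in the Patterns section reads only each result's primary location. This added example (not Snyk's code; the document, rule id, paths and line numbers are constructed, in the SARIF 2.1.0 `codeFlows` shape) also walks the code flow, so a triage view can show the full source-to-sink path and flag the flows that cross files.

```python
import json

# Constructed SARIF 2.1.0 document in the shape a `snyk code test --sarif` run
# produces, trimmed to the fields read here; rule id, paths and lines are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "results": [{
        "ruleId": "python/Sqli", "level": "error",
        "message": {"text": "Unsanitized input from a request flows into execute()"},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}],
        "codeFlows": [{"threadFlows": [{"locations": [
            {"location": {"physicalLocation": {
                "artifactLocation": {"uri": "app/routes.py"}, "region": {"startLine": 17}}}},
            {"location": {"physicalLocation": {
                "artifactLocation": {"uri": "app/routes.py"}, "region": {"startLine": 19}}}},
            {"location": {"physicalLocation": {
                "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}},
        ]}]}],
    }],
}]})

def _file_line(location):
    """(uri, startLine) from a SARIF location; tolerates missing fields."""
    phys = location.get("physicalLocation", {})
    return (phys.get("artifactLocation", {}).get("uri", "?"),
            phys.get("region", {}).get("startLine"))

def dataflow_paths(sarif_text):
    """One record per result: sink, ordered source-to-sink steps, and an interfile flag."""
    records = []
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            steps = []
            for flow in result.get("codeFlows", []):
                thread_flows = flow.get("threadFlows", [])
                if thread_flows:  # the first thread flow is enough for a triage view
                    steps = [_file_line(s.get("location", {}))
                             for s in thread_flows[0].get("locations", [])]
                    break
            locs = result.get("locations") or []
            records.append({
                "rule": result.get("ruleId", "unknown"),
                "level": result.get("level", "warning"),  # SARIF default when absent
                "sink": _file_line(locs[0]) if locs else ("?", None),
                "path": steps,
                "interfile": len({uri for uri, _ in steps}) > 1,
            })
    return records
```

A result with no `codeFlows` (or no `locations`) still yields a record, with an empty path and a `("?", None)` sink, so the triage loop never crashes on a sparse result.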