bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95cd8bb891bf94ea5dd50e4a490ee17d5707ecf2
2nd/10_Wiki/Topics/AI_and_ML/DeepCode AI.md
T
koriweb d8a80f6272 chore(wiki): dangling 링크 canonical 정규화 (768파일/1200건) 
이름만 다른(표기 변형) [[위키링크]]를 대상 문서의 canonical 제목으로 치환해
끊겼던 1,200개 링크를 연결. 제목/파일명 정규화 일치만 적용하고 별칭 매칭은
과병합 위험으로 제외(애매성 가드). 원본은 _link_reconcile_backup/ 에 백업.
도구: Datacollect/scripts/link_reconcile_apply.mjs

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 12:24:15 +09:00

251 lines
7.1 KiB
Markdown
Raw Blame History

---
id: wiki-2026-0508-deepcode-ai
title: DeepCode AI (Snyk Code)
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [DeepCode AI, Snyk Code, symbolic AI security, neuro-symbolic SAST, AI Fix]
duplicate_of: none
source_trust_level: B
confidence_score: 0.85
verification_status: applied
tags: [security, sast, snyk, deepcode, neuro-symbolic, ml-security, autofix, ai-code-analysis]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
language: SaaS
framework: Snyk Code / DeepCode
---
# DeepCode AI (Snyk Code)
## 매 한 줄
> **"매 LLM 의 X — 매 symbolic + neural 의 결합"**. 매 25M+ data flow + 매 19+ language. 매 interfile analysis. 매 commit-based 의 verified fix pattern. 매 modern hybrid 의 example (vs LLM-only Corgea).
## 매 핵심 differentiator
### Hybrid AI (vs LLM-only)
- 매 symbolic reasoning + 매 NN.
- 매 semantic representation 의 build.
- 매 hallucination ↓.
- 매 interpretable.
### Interfile dataflow
- 매 file boundary 의 cross.
- 매 multi-module vulnerability 의 catch.
### Commit-based fix pattern
- 매 OSS 의 actual fix commits 의 학습.
- 매 verified pattern.
- 매 LLM hallucination 의 avoid.
### 매 history
- 매 2017 ETH spinoff (DeepCode).
- 매 2020 Snyk 의 acquire.
- 매 2024 DeepCode AI Fix.
### 매 Snyk 의 stack
- **Snyk Code** (DeepCode-powered SAST).
- **Snyk Open Source** (SCA).
- **Snyk Container** (image scan).
- **Snyk IaC** (Terraform / K8s).
### 매 vs alternative
| Tool | Approach | Strength |
|---|---|---|
| Snyk Code (DeepCode) | Hybrid neuro-symbolic | Verified fix + low FP |
| Corgea | LLM-native | Business logic + autofix |
| Semgrep | Pattern + custom | Speed + control |
| SonarQube | Rule-based + AI | Quality gate |
| GitHub Advanced | Code scanning + Copilot Autofix | GitHub integration |
### 매 limitation
- 매 LLM-native 의 emerging features (Corgea) 의 less.
- 매 enterprise SaaS pricing.
- 매 language-specific depth varies.
## 💻 패턴 (응용 — Snyk integration)
### CLI scan
```bash
npm install -g snyk
snyk auth
snyk code test # 매 SAST
snyk code test --json # 매 JSON output
snyk code test --severity-threshold=high
```
### CI integration
```yaml
- name: Snyk Code
uses: snyk/actions/node@master
env: { SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} }
with:
command: code test
args: --severity-threshold=high --sarif-file-output=snyk-code.sarif
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with: { sarif_file: snyk-code.sarif }
```
### IDE integration
```
- VS Code: Snyk Security extension.
- IntelliJ / WebStorm: Snyk plugin.
- 매 inline 의 finding + fix 의 click.
```
### DeepCode AI Fix workflow
```
1. Vulnerability detected (e.g., SQL injection).
2. AI Fix 의 verified pattern 의 retrieve.
3. PR comment 의 diff 의 propose.
4. Developer 의 review + merge.
5. Snyk 의 re-test 의 confirm fix.
```
### Multi-tool layered security
```yaml
security_pipeline:
pre_commit:
- gitleaks # 매 secret
pr:
- snyk_code # 매 SAST (DeepCode)
- snyk_open_source # 매 SCA (CVE)
- semgrep # 매 custom rule
- corgea # 매 LLM-native (optional, parallel)
pre_deploy:
- snyk_container # 매 image
- cosign # 매 sign
runtime:
- falco
```
### Custom rule (Snyk + Semgrep complementary)
```yaml
# 매 .snyk policy
ignore:
'SNYK-CC-K8S-1':
- '*':
reason: 'Internal dev cluster — non-prod'
expires: '2026-12-31T00:00:00Z'
# 매 semgrep for org-specific
rules:
- id: internal-deprecated-api
pattern: oldClient.deprecatedMethod(...)
message: Use newClient instead.
severity: WARNING
```
### Vulnerability triage
```python
def triage_findings(snyk_findings):
triaged = []
for f in snyk_findings:
priority = (
f['severity_score'] *
f['exploit_maturity_factor'] * # 매 0.5-2
f['reachability_factor'] # 매 0.3-1.5
)
triaged.append({
**f,
'priority': priority,
'sla_hours': sla_for_severity(f['severity']),
})
return sorted(triaged, key=lambda x: -x['priority'])
```
### Auto-fix verification
```python
def verify_fix(original_code, ai_proposed_fix):
# 매 1. syntax check
if not parses_correctly(ai_proposed_fix): return 'invalid syntax'
# 매 2. test still passes
if not run_tests(ai_proposed_fix): return 'tests fail'
# 매 3. vulnerability resolved
if scan(ai_proposed_fix).has_vuln: return 'vuln remains'
# 매 4. no new vuln introduced
new_vulns = set(scan(ai_proposed_fix).vulns) - set(scan(original_code).vulns)
if new_vulns: return f'introduces new: {new_vulns}'
return 'verified'
```
### SARIF (standard output)
```python
import json
def parse_sarif(sarif_file):
with open(sarif_file) as f:
data = json.load(f)
findings = []
for run in data['runs']:
for result in run['results']:
findings.append({
'rule': result['ruleId'],
'severity': result['level'],
'message': result['message']['text'],
'file': result['locations'][0]['physicalLocation']['artifactLocation']['uri'],
'line': result['locations'][0]['physicalLocation']['region']['startLine'],
})
return findings
```
### Suppress false positives
```js
// 매 Snyk 의 inline ignore
function safe_html(input) {
// snyk-ignore: javascript/xss — 매 input 의 sanitized at boundary
return `<div>${input}</div>`;
}
```
## 매 결정 기준
| 상황 | Tool |
|---|---|
| Mid-large + budget | Snyk Code (DeepCode) |
| AI-native focus | Corgea |
| Custom rules speed | Semgrep |
| Open-source self-host | SemGrep |
| GitHub native | GitHub Advanced Security |
| Enterprise compliance | Veracode / Checkmarx |
**기본값**: 매 Snyk + Semgrep complementary.
## 🔗 Graph
- 부모: [[SAST]] · [[CI/CD Pipeline & IDE Security Integration|DevSecOps]]
- 변형: [[Snyk-Code]] · [[Symbolic-AI]] · [[Hybrid-AI]] · [[Neural-Symbolic-Integration|Neuro-Symbolic-AI]]
- 응용: [[Corgea]] · [[Semgrep]] · [[SonarQube]] · [[CI_CD 파이프라인 및 IDE 통합 보안]]
- Adjacent: [[AI 코드 리뷰 및 보안 취약점 점검(DevSecOps)]] · [[Custom-ESLint-Rules-Development]] · [[CodeScene]] · [[AI 생성 코드 검증(AI Code Assurance)]]
## 🤖 LLM 활용
**언제**: 매 enterprise SAST. 매 multi-language. 매 verified autofix.
**언제 X**: 매 budget-tight (Semgrep). 매 air-gapped.
## ❌ 안티패턴
- **Single tool**: 매 layered defense X.
- **No triage**: 매 alert fatigue.
- **AI Fix 의 blind merge**: 매 verify 의 still 필요.
- **No SARIF integration**: 매 dashboard 의 single source X.
## 🧪 검증 / 중복
- Verified (Snyk docs, DeepCode papers, ETH spinoff history).
- 신뢰도 B.
- Related: [[Corgea]] · [[CI_CD 파이프라인 및 IDE 통합 보안]] · [[Custom-ESLint-Rules-Development]] · [[CodeScene]].
## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — neuro-symbolic + 매 CI / SARIF / triage / verify code |
Reference in New Issue View Git Blame Copy Permalink