7 Downloads Updated 6 days ago
ollama run oqxogithub/scanx-cve-llm
OWASP Top 10 Vulnerability Detection LLM built on the Ornith model and hosted on Ollama.
scanx-cve-llm is a specialized LLM for detecting security vulnerabilities in code, trained to identify all OWASP Top 10 (2021) categories:
| Category | Name |
|---|---|
| A01:2021 | Broken Access Control |
| A02:2021 | Cryptographic Failures |
| A03:2021 | Injection |
| A04:2021 | Insecure Design |
| A05:2021 | Security Misconfiguration |
| A06:2021 | Vulnerable and Outdated Components |
| A07:2021 | Identification and Authentication Failures |
| A08:2021 | Software and Data Integrity Failures |
| A09:2021 | Security Logging and Monitoring Failures |
| A10:2021 | Server-Side Request Forgery (SSRF) |
# Start Ollama and run the model
ollama run scanx-cve-llm
Analyze this code:
db.execute(f"DELETE FROM users WHERE id = {user_id}")
Output:
VULNERABLE - A03:2021 Injection - SQL injection via f-string interpolation
of `user_id` directly into the SQL query.
scanx-cve-llm/
├── dataset/
│ ├── generate_data.py # Dataset generation script
│ ├── owasp_train.jsonl # Training data (45 samples)
│ └── owasp_test.jsonl # Test data (5 samples)
├── training/
│ ├── config.yaml # Axolotl training config
│ └── train.py # Training script
├── models/ # Model output directory
├── modelfile # Ollama modelfile
└── README.md
The dataset contains code examples for: - Vulnerable code - Each OWASP category with common vulnerability patterns - Safe code - Secure implementations following best practices
cd scanx-cve-llm/dataset
uv run python generate_data.py
The project includes a training pipeline using LoRA with Axolotl. For full fine-tuning:
cd scanx-cve-llm/training
uv run python train.py
Note: Full training requires GPU. On CPU-only systems, the model uses prompt engineering for vulnerability detection.
Run the built-in test:
echo 'Analyze this code:
db.execute(f"SELECT * FROM users WHERE id = {user_id}")' | ollama run scanx-cve-llm
✅ Model is operational and detecting vulnerabilities across OWASP Top 10 categories.
For full fine-tuning with custom dataset, you’ll need a GPU with sufficient VRAM.