English

Improving Automated Secure Code Reviews: A Synthetic Dataset for Code Vulnerability Flaws

Software Engineering 2025-04-24 v1

Abstract

Automation of code reviews using AI models has garnered substantial attention in the software engineering community as a strategy to reduce the cost and effort associated with traditional peer review processes. These models are typically trained on extensive datasets of real-world code reviews that address diverse software development concerns, including testing, refactoring, bug fixes, performance optimization, and maintainability improvements. However, a notable limitation of these datasets is the under representation of code vulnerabilities, critical flaws that pose significant security risks, with security-focused reviews comprising a small fraction of the data. This scarcity of vulnerability-specific data restricts the effectiveness of AI models in identifying and commenting on security-critical code. To address this issue, we propose the creation of a synthetic dataset consisting of vulnerability-focused reviews that specifically comment on security flaws. Our approach leverages Large Language Models (LLMs) to generate human-like code review comments for vulnerabilities, using insights derived from code differences and commit messages. To evaluate the usefulness of the generated synthetic dataset, we plan to use it to fine-tune three existing code review models. We anticipate that the synthetic dataset will improve the performance of the original code review models.

Keywords

Cite

@article{arxiv.2504.16310,
  title  = {Improving Automated Secure Code Reviews: A Synthetic Dataset for Code Vulnerability Flaws},
  author = {Leonardo Centellas-Claros and Juan J. Alonso-Lecaros and Juan Pablo Sandoval Alcocer and Andres Neyem},
  journal= {arXiv preprint arXiv:2504.16310},
  year   = {2025}
}

Comments

MSR 2025 - Registered Reports

R2 v1 2026-06-28T23:07:53.749Z