ARTIFICIAL INTELLIGENCE STRATEGIES FOR ACHIEVING CODE QUALITY AND SECURITY AUDIT OF THE CHANGE IN CODE OR THIRD-PARTY LIBRARIES
DOI: https://doi.org/10.63878/cjssr.v4i1.1999

Abstract
The growing share of code generated with AI assistance, together with ever-deeper dependence on third-party software libraries, has made it harder to assure code quality and security. Conventional static analysis does not reflect real-world exploitation risk, particularly in component-based and AI-generated systems. This paper proposes an AI-based framework for quality and security auditing of code that joins Common Vulnerabilities and Exposures (CVE) records with CISA's Known Exploited Vulnerabilities (KEV) catalog. Analysis of the Kaggle CVE dataset shows that only about 35 percent of the vulnerabilities appear in the KEV catalog, producing a severe class imbalance. To address this, SMOTE-based resampling is combined with supervised machine learning models (Logistic Regression, Random Forest and XGBoost). The experiments show that the framework reaches ROC-AUC values above 0.80, with XGBoost performing best. With probability calibration and threshold optimization, recall on exploited vulnerabilities improves by about 20 percent over the default decision threshold. SHAP-based explainability identifies vulnerability age, CVSS base score and confidentiality/integrity/availability (CIA) impact as the strongest predictors. The results support the use of the framework for auditing code changes and third-party libraries in contemporary DevSecOps pipelines.
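The pipeline the abstract describes (CVE features, resampling of the minority "exploited" class, a supervised classifier, and a recall-oriented decision threshold) can be reproduced end to end in plain Python. The block below is an added example written for this page, not the authors' code or data: the CVE records are constructed with a seeded generator rather than taken from Kaggle or KEV, the CIA letter encoding and the reference date used for vulnerability age are assumptions, SMOTE is reimplemented in its minimal nearest-neighbour form, and a gradient-descent logistic regression stands in for XGBoost. Probability calibration is omitted because logistic-regression outputs are used directly as scores.

```python
"""CVE exploitability audit pipeline (added example, not the paper's code).
Features -> SMOTE -> logistic regression -> recall-oriented threshold.
Dataset is constructed; the paper used Kaggle CVE data joined with CISA KEV."""
import math
import random
from datetime import date, timedelta

REFERENCE_DATE = date(2026, 1, 1)            # assumed audit date for vulnerability age
CIA_WEIGHT = {"H": 1.0, "L": 0.5, "N": 0.0}  # assumed encoding of CVSS C/I/A letters


def features(rec):
    """Age in years, CVSS base score scaled to 0-1, summed C/I/A impact (0-3)."""
    age_years = (REFERENCE_DATE - rec["published"]).days / 365.0
    cia = sum(CIA_WEIGHT[rec[k]] for k in ("c", "i", "a"))
    return [age_years, rec["cvss"] / 10.0, cia]


def make_dataset(n, seed, exploited_rate=0.35):
    """Constructed records: ~35% carry label 1 ('in KEV'), and those skew towards
    higher CVSS, higher impact and older publication dates."""
    rng = random.Random(seed)
    rows = []
    for i in range(n):
        hit = rng.random() < exploited_rate
        letters = "HHL" if hit else "HLN"
        rows.append({
            "id": f"CVE-2019-{10000 + i}",
            "published": REFERENCE_DATE - timedelta(days=rng.randrange(400 if hit else 0, 2500)),
            "cvss": round(rng.uniform(6.0, 10.0) if hit else rng.uniform(2.0, 9.0), 1),
            "c": rng.choice(letters), "i": rng.choice(letters), "a": rng.choice(letters),
            "exploited": int(hit)})
    return rows


def smote(X, y, seed):
    """Minimal SMOTE: interpolate a sampled minority row toward its nearest minority
    neighbour, repeating until both classes have the same number of rows."""
    rng = random.Random(seed)
    minority = [x for x, label in zip(X, y) if label == 1]
    synth = []
    while len(minority) + len(synth) < len(X) - len(minority):
        x = rng.choice(minority)
        nn = min((m for m in minority if m is not x),
                 key=lambda m: sum((p - q) ** 2 for p, q in zip(x, m)))
        lam = rng.random()
        synth.append([p + lam * (q - p) for p, q in zip(x, nn)])
    return X + synth, y + [1] * len(synth)


def predict_proba(w, x):
    z = w[0] + sum(wj * xj for wj, xj in zip(w[1:], x))
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z))))  # clamp avoids overflow


def train_logreg(X, y, epochs=400, lr=0.1):
    """Batch gradient descent on log-loss; w[0] is the bias term."""
    w = [0.0] * (len(X[0]) + 1)
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, label in zip(X, y):
            err = predict_proba(w, x) - label
            grad[0] += err
            for j, xj in enumerate(x):
                grad[j + 1] += err * xj
        w = [wj - lr * g / len(X) for wj, g in zip(w, grad)]
    return w


def precision_recall(probs, y, threshold):
    tp = sum(1 for p, l in zip(probs, y) if p >= threshold and l == 1)
    fp = sum(1 for p, l in zip(probs, y) if p >= threshold and l == 0)
    fn = sum(1 for p, l in zip(probs, y) if p < threshold and l == 1)
    return (tp / (tp + fp) if tp + fp else 0.0, tp / (tp + fn) if tp + fn else 0.0)


def fbeta(precision, recall, beta=2.0):
    if precision == 0.0 and recall == 0.0:
        return 0.0
    b2 = beta * beta
    return (1 + b2) * precision * recall / (b2 * precision + recall)


def choose_threshold(probs, y, beta=2.0):
    """Threshold maximising F-beta (beta=2 favours recall) on the validation split.
    The grid contains the 0.5 default, so tuning can never do worse than it there."""
    grid = [i / 100 for i in range(5, 96)]
    return max(grid, key=lambda t: fbeta(*precision_recall(probs, y, t), beta))


def score(w, part):
    return [predict_proba(w, features(r)) for r in part], [r["exploited"] for r in part]


def run_pipeline(seed=7, n=400):
    rows = make_dataset(n, seed)
    a, b = int(0.6 * n), int(0.8 * n)  # 60/20/20 train/validation/test split
    train, val, test = rows[:a], rows[a:b], rows[b:]
    X_bal, y_bal = smote([features(r) for r in train], [r["exploited"] for r in train], seed)
    w = train_logreg(X_bal, y_bal)
    pv, yv = score(w, val)
    pt, yt = score(w, test)
    t = choose_threshold(pv, yv)  # tune on validation, report on test
    return {"threshold": t, "weights": w, "balanced_rows": len(y_bal),
            "val_default": precision_recall(pv, yv, 0.5), "val_tuned": precision_recall(pv, yv, t),
            "test_default": precision_recall(pt, yt, 0.5), "test_tuned": precision_recall(pt, yt, t)}


if __name__ == "__main__":
    print(run_pipeline())
```

Two design points matter in practice. The threshold is chosen on a validation split and only then applied to the test split; picking it on the same rows you report on overstates the recall gain. And because the stand-in model is linear, the per-feature contribution of a prediction is simply the weight times the centred feature value, which is exactly what SHAP's linear explainer returns; for a tree model such as XGBoost you would use TreeExplainer instead to recover the age, CVSS and CIA attributions the abstract reports.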
License
Copyright (c) 2026 Contemporary Journal of Social Science Review

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
