Abstract
To meet the need for security risk detection in the software supply chain, an intelligent detection tool was designed and developed on the basis of the DeepSeek large language model. By embedding the pre-trained large model in the detection workflow and combining it with dynamic software bill of materials (SBOM) generation and an asynchronous detection framework, the tool improves detection coverage while optimizing real-time performance and controlling the false positive rate. Typical open-source projects and commercial software were selected for experimental testing. The results show that the tool can effectively identify security vulnerabilities in the supply chain and generate detailed reports containing risk localization and remediation recommendations. The tool makes full use of the DeepSeek model's strengths in semantic understanding and pattern recognition, provides an interactive vulnerability analysis interface, and enables developers to quickly complete risk tracing and remediation verification. The work offers a new AI-driven solution for software supply chain security with practical engineering application value.
Authors
柳亚男
季铖睿
仓基云
张正
阎浩
马乐军
LIU Yanan; JI Chengrui; CANG Jiyun; ZHANG Zheng; YAN Hao; MA Lejun (Jinling Institute of Technology, Nanjing 211169, China)
Source
Journal of Jinling Institute of Technology (《金陵科技学院学报》)
2025, No. 2, pp. 1-8 (8 pages)
Funding
Supported by the Jiangsu Universities "Qinglan Project" program for the cultivation of outstanding young backbone teachers.
Keywords
software supply chain security
DeepSeek large language model
third-party libraries
artificial intelligence analysis
vulnerability mining