I am totally thinking about adding this so you can connect to an API or use self hosted models that run in a container if you have the resources!!!! You are spot on.
makes sense - if folks can bring their own model, they can fine-tune detection for whatever code patterns matter to them. the auth edge cases I mentioned (malformed token handling, middleware ordering) would be way easier to catch with a model trained on actual vulnerable examples than trying to write regex rules for every variant.
the_harpia_io|23 days ago