This PR adds support in SARIF Pattern Matcher for leveraging custom machine learning models to filter out false positives. The PR
Adds a new validation state, TruePositiveDeterminedByML
Elevates the level of a finding to Error if the validation state is found to be TruePositiveDeterminedByML
Adds a new helper function in the StaticValidatorBase which leverages ML models to validate a finding. This method vectorizes a string to an integer array, loads an ONNX model, and then obtains a prediction probability by running the input vector on the model. If the prediction probability exceeds a threshold, the secret is deemed to be valid.
[ ] ReleaseHistory.md updated for non-trivial changes
Changes
This PR adds support in SARIF Pattern Matcher for leveraging custom machine learning models to filter out false positives. The PR
TruePositiveDeterminedByMLErrorif the validation state is found to beTruePositiveDeterminedByMLStaticValidatorBasewhich leverages ML models to validate a finding. This method vectorizes a string to an integer array, loads an ONNX model, and then obtains a prediction probability by running the input vector on the model. If the prediction probability exceeds a threshold, the secret is deemed to be valid.ReleaseHistory.mdupdated for non-trivial changes