AI/ML Enhanced Analysis

Adds lightweight AI-powered prioritization on top of every scan: EPSS-style enrichment, reachability awareness, and suppression of low-signal findings so you can focus on exploitable issues first.

What it does

  • Assigns priority_score using severity, confidence, EPSS-like data, and reachability.
  • Enriches findings with epss_score, reachability flags, and suppressed markers for low-risk items.
  • Works offline by default; optionally load EPSS maps from CP_EPSS_PATH.
  • Surfaces AI badges in the dashboard (priority, EPSS, reachability, suppressed).

Enable it

Turn on AI prioritization via config or environment:

# codephreak.yml
premium:
  enable_ai_prioritization: true
  # optional: supply API key/org for hosted flows

# or set the environment variable
export CP_ENABLE_AI_PRIORITIZATION=true

# optional: provide an EPSS map (a JSON object mapping a CVE ID or rule ID -> score between 0 and 1)
export CP_EPSS_PATH=~/epss.json

# run a scan with AI scoring enabled
CP_ENABLE_AI_PRIORITIZATION=true codephreak scan .

# sample finding from the JSON output; priority_score, epss_score, reachability and suppressed are the fields added by AI prioritization
{
  "rule_id": "CVE-2023-12345",
  "severity": "HIGH",
  "priority_score": 0.82,
  "epss_score": 0.72,
  "reachability": true,
  "suppressed": false
}

How scoring works

  • Severity and confidence weights drive most of the score; the final score is capped at 1.0.
  • EPSS contributes up to 25% of the score. A finding with no EPSS entry is scored as if its EPSS were 0.05.
  • Reachable findings get an additional boost. A finding is marked suppressed (flagged, not dropped from the output) only when all three hold: it is not reachable, its EPSS score is below 0.02, and its severity is Low, Medium, or Info. High and Critical findings are never suppressed, and because the missing-EPSS default (0.05) is above the 0.02 threshold, findings with no EPSS data are never suppressed either.
  • EPSS lookup prefers a CVE ID found in rule_id (e.g. CVE-2023-12345); if rule_id contains no CVE ID, the rule ID itself is used as the key, so the map can also carry per-rule scores for non-CVE findings.

Reachability hints (optional)

If you have reachability signals (e.g., call-graph reach, exposed endpoints), supply a fingerprint map keyed by tool:rule_id:file:line when calling the AI engine. The value is a boolean: true marks the finding as reachable, false as not reachable.

{
  "semgrep:CVE-2023-12345:src/api/users.py:42": true,
  "gitleaks:hardcoded_cred:config/dev.env:10": false
}
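The scoring rules listed under "How scoring works" and the reachability fingerprint map above, worked through end to end as an added example. This is illustrative code, not codephreak's own engine: only the 25% EPSS share, the 0.05 missing-EPSS default, the 0.02 suppression threshold, the Low/Medium/Info rule, the 1.0 cap and the tool:rule_id:file:line key format come from the page. The severity and confidence weights, the 0.65 base share, the 0.10 reachability boost, the treatment of findings absent from the hint map as not reachable, the function names, the CP_EPSS_PATH loader and the sample findings are all assumptions made for this example.

```python
"""Illustrative re-implementation of the scoring and suppression rules above.
Added example, not codephreak's engine; weights marked 'assumed' are not from the page."""
import json
import os
import re

# Assumed weights: the page says severity and confidence "drive most of the
# score" but does not publish the numbers.
SEVERITY_WEIGHT = {"CRITICAL": 1.0, "HIGH": 0.8, "MEDIUM": 0.5, "LOW": 0.25, "INFO": 0.1}
CONFIDENCE_WEIGHT = {"HIGH": 1.0, "MEDIUM": 0.7, "LOW": 0.4}
BASE_SHARE = 0.65      # assumed share of the score from severity x confidence
REACH_BOOST = 0.10     # assumed size of the reachability boost
EPSS_SHARE = 0.25      # page: EPSS contributes up to 25%
EPSS_DEFAULT = 0.05    # page: missing EPSS defaults to 0.05
SUPPRESS_EPSS = 0.02   # page: suppress below this EPSS when unreachable
SUPPRESSIBLE = {"LOW", "MEDIUM", "INFO"}  # page: High/Critical are never suppressed

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def epss_key(rule_id: str) -> str:
    """Prefer a CVE ID embedded anywhere in rule_id; otherwise use the rule ID itself."""
    m = CVE_RE.search(rule_id)
    return m.group(0).upper() if m else rule_id


def lookup_epss(rule_id: str, epss_map: dict) -> tuple:
    """Return (epss_score, found); absent keys fall back to EPSS_DEFAULT."""
    key = epss_key(rule_id)
    if key in epss_map:
        return float(epss_map[key]), True
    return EPSS_DEFAULT, False


def load_epss_map(path=None) -> dict:
    """Load the CP_EPSS_PATH JSON map; returns {} when unset or missing (offline default)."""
    path = os.path.expanduser(path or os.environ.get("CP_EPSS_PATH", ""))
    if not path or not os.path.isfile(path):
        return {}
    with open(path, encoding="utf-8") as fh:
        # normalise CVE keys to upper case so they match epss_key(); rule keys stay as-is
        return {str(k).upper() if CVE_RE.fullmatch(str(k)) else str(k): float(v)
                for k, v in json.load(fh).items()}


def fingerprint(f: dict) -> str:
    """Key format from the page: tool:rule_id:file:line."""
    return f"{f['tool']}:{f['rule_id']}:{f['file']}:{f['line']}"


def enrich(finding: dict, epss_map: dict, reach_map: dict) -> dict:
    """Add priority_score, epss_score, reachability and suppressed to one finding."""
    sev = finding["severity"].upper()
    conf = finding.get("confidence", "MEDIUM").upper()   # assumed default confidence
    epss, _found = lookup_epss(finding["rule_id"], epss_map)
    # Assumption: a finding absent from the hint map is treated as not reachable.
    reachable = bool(reach_map.get(fingerprint(finding), False))

    score = BASE_SHARE * SEVERITY_WEIGHT[sev] * CONFIDENCE_WEIGHT[conf]
    score += EPSS_SHARE * epss                    # at most 0.25 when EPSS is 1.0
    if reachable:
        score += REACH_BOOST
    score = min(1.0, score)                       # page: capped at 1.0

    # Suppress only when all three conditions hold. Because a missing EPSS
    # defaults to 0.05 (> 0.02), findings without EPSS data are never suppressed.
    suppressed = (not reachable) and epss < SUPPRESS_EPSS and sev in SUPPRESSIBLE

    out = dict(finding)
    out.update(priority_score=round(score, 2), epss_score=epss,
               reachability=reachable, suppressed=suppressed)
    return out


def prioritize(findings, epss_map, reach_map):
    """Enrich every finding and order them: unsuppressed first, highest priority first."""
    enriched = [enrich(f, epss_map, reach_map) for f in findings]
    return sorted(enriched, key=lambda f: (f["suppressed"], -f["priority_score"]))


# Constructed sample data in the shapes the page describes (not real scan output).
SAMPLE_EPSS = {"CVE-2023-12345": 0.72, "B101": 0.01}   # one CVE key, one per-rule key
SAMPLE_REACH = {
    "semgrep:CVE-2023-12345:src/api/users.py:42": True,
    "gitleaks:hardcoded_cred:config/dev.env:10": False,
}
SAMPLE_FINDINGS = [
    {"tool": "semgrep", "rule_id": "CVE-2023-12345", "file": "src/api/users.py",
     "line": 42, "severity": "HIGH", "confidence": "HIGH"},
    {"tool": "gitleaks", "rule_id": "hardcoded_cred", "file": "config/dev.env",
     "line": 10, "severity": "HIGH", "confidence": "HIGH"},       # no EPSS entry -> 0.05
    {"tool": "trivy", "rule_id": "python.requests.CVE-2023-12345",  # CVE inside a longer ID
     "file": "requirements.txt", "line": 3, "severity": "MEDIUM", "confidence": "MEDIUM"},
    {"tool": "semgrep", "rule_id": "flask-debug-true", "file": "app.py",   # constructed rule ID
     "line": 12, "severity": "MEDIUM", "confidence": "MEDIUM"},
    {"tool": "bandit", "rule_id": "B101", "file": "tests/test_x.py",
     "line": 7, "severity": "LOW", "confidence": "LOW"},           # unreachable + EPSS 0.01 -> suppressed
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS, SAMPLE_EPSS, SAMPLE_REACH):
        print(json.dumps(f))
```

Running the block orders the semgrep CVE finding first (reachable, EPSS 0.72) and pushes the bandit B101 finding to the end as suppressed. The two MEDIUM findings show the caveat from the scoring rules: the trivy finding gets its EPSS from the CVE ID embedded in a longer rule_id, while the finding with no EPSS entry falls back to 0.05 and therefore stays unsuppressed even though it is unreachable.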

Dashboard signals

The dashboard highlights AI outputs: top prioritized findings, average EPSS, reachable count, and suppressed items. Each table row shows priority, EPSS, reachability, and suppression badges so teams can triage quickly.