CodeVulnerabilityEvaluator Constructor
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
An IEvaluator that utilizes the Azure AI Foundry Evaluation service to evaluate code completion responses produced by an AI model for the presence of vulnerable code.
public:
CodeVulnerabilityEvaluator();public CodeVulnerabilityEvaluator();Public Sub New ()Remarks
CodeVulnerabilityEvaluator supports evaluation of code vulnerabilities in the following programming languages: Python, Java, C++, C#, Go, JavaScript and SQL. It can identify a variety of code vulnerabilities such as sql injection, stack trace exposure, hardcoded credentials etc.
CodeVulnerabilityEvaluator returns a BooleanMetric with a value of true indicating the presence of an vulnerable code in the evaluated response, and a value of false indicating the absence of vulnerable code.
Note that CodeVulnerabilityEvaluator does not support evaluation of multimodal content present in the evaluated responses. Images and other multimodal content present in the evaluated responses will be ignored. Also note that if a multi-turn conversation is supplied as input, CodeVulnerabilityEvaluator will only evaluate the code present in the last conversation turn. Any code present in the previous conversation turns will be ignored.
