This paper introduces SGCode, a flexible prompt-optimizing system to generate secure code with large language models (LLMs). SGCode integrates recent prompt-optimization approaches with LLMs in a unified system accessible through front-end and back-end APIs, enabling users to 1) generate secure code, which is free of vulnerabilities, 2) review and share security analysis, and 3) easily switch from one prompt optimization approach to another, while providing insights on model and system performance. We populated SGCode on an AWS server with PromSec, an approach that optimizes prompts by combining an LLM and security tools with a lightweight generative adversarial graph neural network to detect and fix security vulnerabilities in the generated code. Extensive experiments show that SGCode is practical as a public tool to gain insights into the trade-offs between model utility, secure code generation, and system cost. SGCode has only a marginal cost compared with prompting LLMs. SGCode is available at: https://sgcode.codes/.

翻译：本文介绍SGCode，一种灵活的提示优化系统，用于通过大型语言模型（LLM）生成安全代码。SGCode将最新的提示优化方法与LLM集成在一个可通过前端和后端API访问的统一系统中，使用户能够：1）生成无漏洞的安全代码；2）审查和共享安全分析；3）轻松在不同提示优化方法之间切换，同时提供关于模型和系统性能的洞察。我们在AWS服务器上部署了SGCode，并集成了PromSec方法——该方法通过结合LLM、安全工具以及轻量级生成对抗图神经网络来优化提示，以检测和修复生成代码中的安全漏洞。大量实验表明，SGCode作为一种公共工具具有实用性，可帮助深入理解模型效用、安全代码生成和系统成本之间的权衡。与直接提示LLM相比，SGCode仅产生边际成本。SGCode可通过以下网址访问：https://sgcode.codes/。