Secure Code Review Stack
The layered AppSec pipeline: AST for structure, Semgrep for patterns, CodeQL for data-flow, LLM triage for false-positive suppression, autofix-with-approval for remediation.
The composition is the product. Semgrep is fast but shallow. CodeQL is deep but noisy. The LLM triages the noise but hallucinates. Autofix without a gate is dangerous. Each layer compensates for the failure mode of the layer before it — the stack's value is the composition, not any single tool.
LLM triage is the highest-leverage addition. CodeQL's 70-90% false-positive rate is why teams abandon it. The LLM suppression layer turns that noise into a signal a human can act on, at cents per finding. This is the economic case for the LLM in the stack.
The hallucination-mitigation constraint is suppress-with-reason, never confirm. The LLM can only reduce the queue (suppress false positives with an explanation); it cannot confirm or act. Every suppression is logged and a sample is human-audited. This bounds the blast radius to filter-only.
The human goes at two gates, both non-optional. The suppression-log sample audit catches hallucinated dismissals; the autofix PR review is the backstop against LLM error and prompt-injection-driven malicious patches. The human is not removed — the loop concentrates human attention on the decisions that require judgment.