[{"data":1,"prerenderedAt":3063},["ShallowReactive",2],{"search-api":-1,"listing-tag-Code Review-page-1":3},[4,2038],{"_path":5,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":9,"description":10,"id":11,"date":12,"listed":13,"nocomments":7,"hidden":7,"categories":14,"tags":15,"--cover":20,"readingTime":21,"body":26,"_type":2032,"_id":2033,"_source":2034,"_file":2035,"_stem":2036,"_extension":2037},"/fr/intelligence-artificielle/ia-code-review-retour-experience","intelligence-artificielle",false,"","IA en code review : retour d'expérience après 6 mois","Après 6 mois d'outils IA dans les code reviews : ce qu'ils trouvent bien, ce qu'ils ratent systématiquement, et comment les intégrer sans dégrader la culture de review.",37,"2026-03-20",true,[6],[16,17,18,19],"Code Review","IA","Retour d'expérience","Qualité","covers/articles/ia-code-review-retour-experience.jpg",{"text":22,"minutes":23,"time":24,"words":25},"9 min read",8.765,525900,1753,{"type":27,"children":28,"toc":2023},"root",[29,37,43,48,57,61,68,73,99,212,222,232,242,245,251,256,266,276,286,296,306,319,322,328,333,343,353,363,366,372,380,385,393,406,499,507,512,520,525,528,534,544,554,564,574,577,583,593,603,613,623,628,631,637,660,673,1963,1976,1989,2002,2005,2017],{"type":30,"tag":31,"props":32,"children":34},"element","h1",{"id":33},"ia-en-code-review-retour-dexpérience-après-6-mois",[35],{"type":36,"value":9},"text",{"type":30,"tag":38,"props":39,"children":40},"p",{},[41],{"type":36,"value":42},"En janvier 2026, j'ai accompagné un client (15 développeurs) dans l'adoption de CodeRabbit. Le CTO avait une attente simple : réduire le temps de review sans dégrader la qualité. Six semaines plus tard, le temps de review humaine avait baissé de 35% (de 45 minutes à 30 minutes par PR en moyenne). Le taux de faux positifs de l'IA était à 28% initialement, réduit à 15% après ajustement de la configuration avec les conventions de l'équipe. 
Les reviewers disaient \"je me concentre sur ce qui compte\".",{"type":30,"tag":38,"props":44,"children":45},{},[46],{"type":36,"value":47},"Mais dans une autre équipe, chez un éditeur de logiciels de 18 développeurs, l'adoption du même type d'outil avait produit l'effet inverse : une \"alert fatigue\" qui avait dégradé la culture de review. Les développeurs ignoraient les commentaires IA en masse, y compris les commentaires importants.",{"type":30,"tag":38,"props":49,"children":50},{},[51],{"type":30,"tag":52,"props":53,"children":54},"strong",{},[55],{"type":36,"value":56},"La différence entre ces deux résultats n'était pas l'outil. C'était la méthode d'intégration.",{"type":30,"tag":58,"props":59,"children":60},"hr",{},[],{"type":30,"tag":62,"props":63,"children":65},"h2",{"id":64},"ce-que-lia-trouve-bien",[66],{"type":36,"value":67},"Ce que l'IA trouve bien",{"type":30,"tag":38,"props":69,"children":70},{},[71],{"type":36,"value":72},"L'IA en code review excelle sur les patterns connus et répétables.",{"type":30,"tag":38,"props":74,"children":75},{},[76,81,83,90,92,97],{"type":30,"tag":52,"props":77,"children":78},{},[79],{"type":36,"value":80},"Problèmes de sécurité évidents :",{"type":36,"value":82}," injections SQL, secrets hardcodés, XSS potentiels, dépendances avec CVE connus, des ",{"type":30,"tag":84,"props":85,"children":87},"a",{"href":86},"/fr/intelligence-artificielle/llm-securite-code-vulnerabilites",[88],{"type":36,"value":89},"vulnérabilités typiques du code LLM-généré",{"type":36,"value":91},". L'IA les détecte mieux que la review humaine moyenne, non pas parce qu'elle est plus intelligente, mais parce qu'elle ne fatigue pas et applique systématiquement les patterns connus. 
Une étude de ",{"type":30,"tag":52,"props":93,"children":94},{},[95],{"type":36,"value":96},"Stanford (2023)",{"type":36,"value":98}," documentait que 40% du code IA-généré contenait des vulnérabilités dans des contextes de sécurité spécifiques : l'IA en code review détecte précisément ces patterns.",{"type":30,"tag":100,"props":101,"children":105},"pre",{"className":102,"code":103,"language":104,"meta":8,"style":8},"language-python shiki shiki-themes catppuccin-frappe github-dark","# L'IA détecte ce pattern immédiatement\nquery = f\"SELECT * FROM users WHERE email = '{email}'\"  # SQL injection\n# Et suggère\nquery = \"SELECT * FROM users WHERE email = %s\"\n","python",[106],{"type":30,"tag":107,"props":108,"children":109},"code",{"__ignoreMap":8},[110,122,176,185],{"type":30,"tag":111,"props":112,"children":115},"span",{"class":113,"line":114},"line",1,[116],{"type":30,"tag":111,"props":117,"children":119},{"style":118},"--shiki-default:#737994;--shiki-default-font-style:italic;--shiki-dark:#6A737D;--shiki-dark-font-style:inherit",[120],{"type":36,"value":121},"# L'IA détecte ce pattern immédiatement\n",{"type":30,"tag":111,"props":123,"children":125},{"class":113,"line":124},2,[126,132,138,144,150,156,161,166,171],{"type":30,"tag":111,"props":127,"children":129},{"style":128},"--shiki-default:#C6D0F5;--shiki-dark:#E1E4E8",[130],{"type":36,"value":131},"query ",{"type":30,"tag":111,"props":133,"children":135},{"style":134},"--shiki-default:#81C8BE;--shiki-dark:#F97583",[136],{"type":36,"value":137},"=",{"type":30,"tag":111,"props":139,"children":141},{"style":140},"--shiki-default:#A6D189;--shiki-default-font-style:italic;--shiki-dark:#F97583;--shiki-dark-font-style:inherit",[142],{"type":36,"value":143}," f",{"type":30,"tag":111,"props":145,"children":147},{"style":146},"--shiki-default:#A6D189;--shiki-dark:#9ECBFF",[148],{"type":36,"value":149},"\"SELECT * FROM users WHERE email = 
'",{"type":30,"tag":111,"props":151,"children":153},{"style":152},"--shiki-default:#F4B8E4;--shiki-dark:#79B8FF",[154],{"type":36,"value":155},"{",{"type":30,"tag":111,"props":157,"children":158},{"style":128},[159],{"type":36,"value":160},"email",{"type":30,"tag":111,"props":162,"children":163},{"style":152},[164],{"type":36,"value":165},"}",{"type":30,"tag":111,"props":167,"children":168},{"style":146},[169],{"type":36,"value":170},"'\"",{"type":30,"tag":111,"props":172,"children":173},{"style":118},[174],{"type":36,"value":175},"  # SQL injection\n",{"type":30,"tag":111,"props":177,"children":179},{"class":113,"line":178},3,[180],{"type":30,"tag":111,"props":181,"children":182},{"style":118},[183],{"type":36,"value":184},"# Et suggère\n",{"type":30,"tag":111,"props":186,"children":188},{"class":113,"line":187},4,[189,193,197,202,207],{"type":30,"tag":111,"props":190,"children":191},{"style":128},[192],{"type":36,"value":131},{"type":30,"tag":111,"props":194,"children":195},{"style":134},[196],{"type":36,"value":137},{"type":30,"tag":111,"props":198,"children":199},{"style":146},[200],{"type":36,"value":201}," \"SELECT * FROM users WHERE email = ",{"type":30,"tag":111,"props":203,"children":204},{"style":152},[205],{"type":36,"value":206},"%s",{"type":30,"tag":111,"props":208,"children":209},{"style":146},[210],{"type":36,"value":211},"\"\n",{"type":30,"tag":38,"props":213,"children":214},{},[215,220],{"type":30,"tag":52,"props":216,"children":217},{},[218],{"type":36,"value":219},"Problèmes de style et de conventions :",{"type":36,"value":221}," nommage incohérent, fonctions trop longues, complexité cyclomatique élevée, code dupliqué détectable par pattern matching. 
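To make the "obvious security problem" concrete, here is the article's own query pattern run both ways against a throwaway database. This is an added example, not code from the article or from any review tool: the table, the two sample rows and the payload are constructed here. Note one caveat a reviewer should keep in mind when the AI "suggests" a fix: the placeholder syntax depends on the driver. The `%s` in the article is the psycopg2 / MySQLdb paramstyle, while Python's `sqlite3` uses `?` (`sqlite3.paramstyle == "qmark"`); a bot that pastes `%s` into SQLite code produces a query that fails at runtime, which is exactly the kind of context-free suggestion the next section describes.

```python
"""Added example (not from the article): the f-string query beside the
parameterised form, exercised with a tautology payload on SQLite."""
import sqlite3

# Constructed sample data, not taken from the article.
SAMPLE_USERS = [
    ("alice@example.com", "alice"),
    ("bob@example.com", "bob"),
]

# Classic tautology: closes the string literal and appends OR '1'='1.
PAYLOAD = "' OR '1'='1"


def make_db():
    """Create an in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, email):
    """The pattern the article says AI reviewers flag immediately:
    untrusted input is concatenated into the SQL text, so quote characters
    in `email` become SQL syntax."""
    query = f"SELECT name FROM users WHERE email = '{email}'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterised(conn, email):
    """The suggested fix. The driver sends the value separately from the
    statement; sqlite3 uses '?' where psycopg2/MySQLdb use '%s'."""
    query = "SELECT name FROM users WHERE email = ?"
    return [row[0] for row in conn.execute(query, (email,))]


def demo():
    """Return (rows leaked by the vulnerable query, rows from the
    parameterised query with the same payload, a normal lookup)."""
    conn = make_db()
    try:
        leaked = lookup_vulnerable(conn, PAYLOAD)        # every user
        safe = lookup_parameterised(conn, PAYLOAD)       # nobody has that email
        normal = lookup_parameterised(conn, "alice@example.com")
        return leaked, safe, normal
    finally:
        conn.close()


if __name__ == "__main__":
    print(demo())
```

Run it and the vulnerable lookup returns both users for a payload that matches no real e-mail, while the parameterised lookup returns nothing for the same input and still finds `alice` for a legitimate one.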
L'IA commente ces points avec une régularité que les reviewers humains n'ont pas, car ils s'habituent aux patterns de l'équipe et les ignorent progressivement.",{"type":30,"tag":38,"props":223,"children":224},{},[225,230],{"type":30,"tag":52,"props":226,"children":227},{},[228],{"type":36,"value":229},"Documentation manquante :",{"type":36,"value":231}," fonctions publiques sans docstring, paramètres non typés, valeurs de retour non documentées. L'IA les signale systématiquement et peut générer la documentation manquante en temps réel.",{"type":30,"tag":38,"props":233,"children":234},{},[235,240],{"type":30,"tag":52,"props":236,"children":237},{},[238],{"type":36,"value":239},"Tests manquants :",{"type":36,"value":241}," branches de code non couvertes par les tests présents dans la PR. L'IA peut identifier \"ce bloc else n'est pas testé\" avec une précision correcte.",{"type":30,"tag":58,"props":243,"children":244},{},[],{"type":30,"tag":62,"props":246,"children":248},{"id":247},"ce-que-lia-rate-systématiquement",[249],{"type":36,"value":250},"Ce que l'IA rate systématiquement",{"type":30,"tag":38,"props":252,"children":253},{},[254],{"type":36,"value":255},"Après 6 mois d'observation, j'ai identifié 5 angles morts récurrents.",{"type":30,"tag":38,"props":257,"children":258},{},[259,264],{"type":30,"tag":52,"props":260,"children":261},{},[262],{"type":36,"value":263},"La cohérence avec le reste du codebase :",{"type":36,"value":265}," l'IA revoit la PR en isolation. Si la base de code utilise un pattern de gestion d'erreur spécifique, l'IA peut suggérer un pattern différent, techniquement correct mais incohérent avec le reste. 
Après 6 mois, c'est le problème numéro un des équipes : l'IA crée du bruit avec des suggestions valides techniquement mais inadaptées au contexte.",{"type":30,"tag":38,"props":267,"children":268},{},[269,274],{"type":30,"tag":52,"props":270,"children":271},{},[272],{"type":36,"value":273},"La logique métier incorrecte :",{"type":36,"value":275}," une fonction qui calcule incorrectement une remise selon des règles business spécifiques : l'IA ne voit pas le problème si le code est techniquement correct. Ce bug ne sera trouvé que par un reviewer humain qui connaît les règles métier.",{"type":30,"tag":38,"props":277,"children":278},{},[279,284],{"type":30,"tag":52,"props":280,"children":281},{},[282],{"type":36,"value":283},"L'impact architectural :",{"type":36,"value":285}," un changement qui passe tous les tests et respecte tous les patterns de style peut introduire un couplage architectural problématique à long terme. L'IA ne voit pas les implications systémiques d'un changement local.",{"type":30,"tag":38,"props":287,"children":288},{},[289,294],{"type":30,"tag":52,"props":290,"children":291},{},[292],{"type":36,"value":293},"La duplication de logique métier cross-services :",{"type":36,"value":295}," deux services qui implémentent la même règle légèrement différemment. L'IA revoit un service à la fois, elle ne peut pas détecter la duplication sans contexte étendu.",{"type":30,"tag":38,"props":297,"children":298},{},[299,304],{"type":30,"tag":52,"props":300,"children":301},{},[302],{"type":36,"value":303},"L'intention du changement :",{"type":36,"value":305}," une PR qui modifie une constante de configuration. L'IA commente sur le style. 
Elle ne peut pas dire \"cette constante avait été fixée à cette valeur pour contourner un bug du service X, la modifier va créer des problèmes en production.\"",{"type":30,"tag":307,"props":308,"children":313},"cta",{"cta":309,"href":310,"title":311,"type":312},"Réserver mon diagnostic gratuit →","https://app.kamanga.fr/forms/discovery-call","Vous adoptez des outils IA dans votre workflow de review et vous voulez éviter les pièges ?","call",[314],{"type":30,"tag":38,"props":315,"children":316},{},[317],{"type":36,"value":318},"Vous avez adopté ou envisagez d'adopter un outil IA en code review, mais vous ne savez pas comment l'intégrer sans dégrader la culture d'équipe. En 30 minutes, on définit les règles d'utilisation, les limites, et le processus adapté à votre contexte.",{"type":30,"tag":58,"props":320,"children":321},{},[],{"type":30,"tag":62,"props":323,"children":325},{"id":324},"limpact-sur-la-culture-de-review",[326],{"type":36,"value":327},"L'impact sur la culture de review",{"type":30,"tag":38,"props":329,"children":330},{},[331],{"type":36,"value":332},"Ce que les équipes rapportent après 6 mois :",{"type":30,"tag":38,"props":334,"children":335},{},[336,341],{"type":30,"tag":52,"props":337,"children":338},{},[339],{"type":36,"value":340},"Ce qui s'améliore :",{"type":36,"value":342}," les reviews humaines se concentrent plus sur le fond (logique métier, architecture, cohérence) et moins sur la forme (style, conventions). L'IA filtre le bruit. Les développeurs juniors reçoivent plus de feedback structuré et rapide, l'IA joue un rôle de \"premier reviewer\" qui leur permet d'améliorer leur code avant la review humaine.",{"type":30,"tag":38,"props":344,"children":345},{},[346,351],{"type":30,"tag":52,"props":347,"children":348},{},[349],{"type":36,"value":350},"Ce qui se dégrade si mal géré :",{"type":36,"value":352}," dans plusieurs équipes, le volume de commentaires IA a créé une \"alert fatigue\". 
Les développeurs commencent à ignorer les commentaires IA en masse, y compris les commentaires importants. Une équipe a constaté une augmentation de 30% du nombre de commentaires de PR, avec une diminution de la qualité de l'engagement sur chacun.",{"type":30,"tag":38,"props":354,"children":355},{},[356,361],{"type":30,"tag":52,"props":357,"children":358},{},[359],{"type":36,"value":360},"Le risque principal :",{"type":36,"value":362}," la délégation de responsabilité. \"L'IA a approuvé, donc ça doit être bon.\" Ce pattern crée une fausse sécurité dangereuse. Les reviewers humains réduisent l'intensité de leur review quand l'IA a déjà commenté. J'ai vu ce pattern se répéter dans chaque équipe qui n'avait pas défini explicitement la séparation des responsabilités.",{"type":30,"tag":58,"props":364,"children":365},{},[],{"type":30,"tag":62,"props":367,"children":369},{"id":368},"les-règles-dintégration-qui-fonctionnent",[370],{"type":36,"value":371},"Les règles d'intégration qui fonctionnent",{"type":30,"tag":38,"props":373,"children":374},{},[375],{"type":30,"tag":52,"props":376,"children":377},{},[378],{"type":36,"value":379},"Règle 1 : Séparer les commentaires IA des commentaires humains",{"type":30,"tag":38,"props":381,"children":382},{},[383],{"type":36,"value":384},"Les commentaires IA doivent être visuellement distincts. Le reviewer humain sait que l'IA a déjà reviewé les aspects de style/sécurité et peut se concentrer sur le fond. CodeRabbit et les intégrations GitHub Copilot le font nativement. 
Si vous utilisez une intégration personnalisée, utilisez un bot account dédié.",{"type":30,"tag":38,"props":386,"children":387},{},[388],{"type":30,"tag":52,"props":389,"children":390},{},[391],{"type":36,"value":392},"Règle 2 : Définir ce que l'IA revoit, définir ce que l'humain revoit",{"type":30,"tag":38,"props":394,"children":395},{},[396,398,404],{"type":36,"value":397},"Complétez ce tableau avec la ",{"type":30,"tag":84,"props":399,"children":401},{"href":400},"/fr/intelligence-artificielle/tester-code-genere-ia-checklist",[402],{"type":36,"value":403},"checklist de validation du code IA",{"type":36,"value":405}," pour les PRs à fort contenu généré.",{"type":30,"tag":407,"props":408,"children":409},"table",{},[410,429],{"type":30,"tag":411,"props":412,"children":413},"thead",{},[414],{"type":30,"tag":415,"props":416,"children":417},"tr",{},[418,424],{"type":30,"tag":419,"props":420,"children":421},"th",{},[422],{"type":36,"value":423},"L'IA revoit",{"type":30,"tag":419,"props":425,"children":426},{},[427],{"type":36,"value":428},"L'humain revoit",{"type":30,"tag":430,"props":431,"children":432},"tbody",{},[433,447,460,473,486],{"type":30,"tag":415,"props":434,"children":435},{},[436,442],{"type":30,"tag":437,"props":438,"children":439},"td",{},[440],{"type":36,"value":441},"Sécurité (injections, secrets)",{"type":30,"tag":437,"props":443,"children":444},{},[445],{"type":36,"value":446},"Logique métier",{"type":30,"tag":415,"props":448,"children":449},{},[450,455],{"type":30,"tag":437,"props":451,"children":452},{},[453],{"type":36,"value":454},"Style et conventions",{"type":30,"tag":437,"props":456,"children":457},{},[458],{"type":36,"value":459},"Impact architectural",{"type":30,"tag":415,"props":461,"children":462},{},[463,468],{"type":30,"tag":437,"props":464,"children":465},{},[466],{"type":36,"value":467},"Tests manquants",{"type":30,"tag":437,"props":469,"children":470},{},[471],{"type":36,"value":472},"Cohérence avec le 
codebase",{"type":30,"tag":415,"props":474,"children":475},{},[476,481],{"type":30,"tag":437,"props":477,"children":478},{},[479],{"type":36,"value":480},"Complexité excessive",{"type":30,"tag":437,"props":482,"children":483},{},[484],{"type":36,"value":485},"Intention du changement",{"type":30,"tag":415,"props":487,"children":488},{},[489,494],{"type":30,"tag":437,"props":490,"children":491},{},[492],{"type":36,"value":493},"Documentation manquante",{"type":30,"tag":437,"props":495,"children":496},{},[497],{"type":36,"value":498},"Trade-offs de design",{"type":30,"tag":38,"props":500,"children":501},{},[502],{"type":30,"tag":52,"props":503,"children":504},{},[505],{"type":36,"value":506},"Règle 3 : Ne pas rendre la review IA bloquante par défaut",{"type":30,"tag":38,"props":508,"children":509},{},[510],{"type":36,"value":511},"La review IA ne doit pas bloquer le merge de façon automatique sur les commentaires non-critiques. Seuls les commentaires de sécurité (injection, secrets, vulnérabilités connues) méritent un blocage automatique. Les autres sont des suggestions que l'auteur de la PR peut accepter ou rejeter explicitement.",{"type":30,"tag":38,"props":513,"children":514},{},[515],{"type":30,"tag":52,"props":516,"children":517},{},[518],{"type":36,"value":519},"Règle 4 : Conserver la review humaine comme étape obligatoire",{"type":30,"tag":38,"props":521,"children":522},{},[523],{"type":36,"value":524},"Même avec un outil IA excellent, la review humaine reste obligatoire. 
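Rule 3 above is easy to state and easy to get wrong in a CI gate, because most bot integrations expose a single "request changes" switch rather than a per-category one. The following is an added example, not code from the article or from CodeRabbit or GitHub: a small merge-gate policy in which only unresolved security findings produce a failing status, and every other finding is recorded as a suggestion the author still has to accept or reject explicitly. The finding format, the category names, the commit-status vocabulary (`failure` / `success`) and the sample findings are all assumptions made here.

```python
"""Added example (not from the article or any tool): a merge gate that
lets only security findings block, per Rule 3."""
from dataclasses import dataclass, field
from typing import List, Optional

# Only these categories may fail the merge gate (assumed taxonomy).
BLOCKING_CATEGORIES = {"security"}


@dataclass
class Finding:
    category: str                 # security, style, docs, tests, complexity
    message: str
    resolved: bool = False        # author fixed it / bot re-ran clean
    decision: Optional[str] = None  # "accepted" or "rejected" by the author


@dataclass
class GateResult:
    state: str                    # "failure" or "success"
    blocking: List[str] = field(default_factory=list)
    undecided: List[str] = field(default_factory=list)
    summary: str = ""


def evaluate_gate(findings: List[Finding]) -> GateResult:
    """Apply Rule 3: unresolved security findings fail the gate; every
    other finding is non-blocking but is surfaced until the author has
    explicitly accepted or rejected it."""
    blocking = [f.message for f in findings
                if f.category in BLOCKING_CATEGORIES and not f.resolved]
    undecided = [f.message for f in findings
                 if f.category not in BLOCKING_CATEGORIES
                 and not f.resolved and f.decision is None]
    state = "failure" if blocking else "success"
    summary = (f"{len(blocking)} blocking security finding(s); "
               f"{len(undecided)} suggestion(s) awaiting author decision")
    return GateResult(state, blocking, undecided, summary)


def resolve_category(findings: List[Finding], category: str) -> List[Finding]:
    """Return a copy of the findings with every finding of `category`
    marked resolved (what a fix-up commit plus a bot re-run would do)."""
    return [Finding(f.category, f.message, True, f.decision)
            if f.category == category else f for f in findings]


# Constructed sample findings, not taken from a real review.
SAMPLE_FINDINGS = [
    Finding("security", "hardcoded AWS key in settings.py"),
    Finding("style", "function parse_order exceeds 80 lines",
            decision="rejected"),
    Finding("docs", "public function export_csv has no docstring"),
    Finding("tests", "else branch in apply_discount is untested",
            decision="accepted"),
]


if __name__ == "__main__":
    first = evaluate_gate(SAMPLE_FINDINGS)
    print(first.state, "-", first.summary)
    after_fix = evaluate_gate(resolve_category(SAMPLE_FINDINGS, "security"))
    print(after_fix.state, "-", after_fix.summary)
```

With the sample findings the gate fails on the hardcoded key alone; the rejected style comment and the accepted test comment are already triaged, and the docstring comment stays visible as an open suggestion without blocking. Once the security finding is resolved the gate passes even though the docstring suggestion is still undecided, which is the behaviour Rule 3 asks for.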
La tentation de supprimer la review humaine pour les \"petites PR\" est dangereuse, car c'est souvent sur une \"petite PR\" que le bug critique est introduit.",{"type":30,"tag":58,"props":526,"children":527},{},[],{"type":30,"tag":62,"props":529,"children":531},{"id":530},"les-métriques-de-suivi-à-6-mois",[532],{"type":36,"value":533},"Les métriques de suivi à 6 mois",{"type":30,"tag":38,"props":535,"children":536},{},[537,542],{"type":30,"tag":52,"props":538,"children":539},{},[540],{"type":36,"value":541},"Time to first review :",{"type":36,"value":543}," le temps entre la création d'une PR et le premier commentaire. Avec un outil IA, ce metric descend à moins de 5 minutes (le bot review instantanément). C'est un gain réel pour les développeurs qui attendent un feedback.",{"type":30,"tag":38,"props":545,"children":546},{},[547,552],{"type":30,"tag":52,"props":548,"children":549},{},[550],{"type":36,"value":551},"Human review time :",{"type":36,"value":553}," le temps que les développeurs humains passent sur les reviews. L'objectif est que ce temps reste stable ou diminue légèrement (l'IA a filtré le bruit) tout que la qualité augmente.",{"type":30,"tag":38,"props":555,"children":556},{},[557,562],{"type":30,"tag":52,"props":558,"children":559},{},[560],{"type":36,"value":561},"False positive rate de l'IA :",{"type":36,"value":563}," le pourcentage de commentaires IA que l'auteur de la PR rejette comme non-pertinents. Un taux supérieur à 30% signifie que l'IA génère trop de bruit : ajustez la configuration ou le prompt système.",{"type":30,"tag":38,"props":565,"children":566},{},[567,572],{"type":30,"tag":52,"props":568,"children":569},{},[570],{"type":36,"value":571},"Bug escape rate :",{"type":36,"value":573}," le nombre de bugs trouvés en production par rapport aux bugs trouvés en review. Si ce ratio s'améliore avec l'IA, l'outil fonctionne. 
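The four metrics above are only useful if they are computed the same way every sprint, so here they are as code. This is an added example, not the article's own tooling: the PR record format, the bug-escape definition (production bugs divided by all bugs found, in review or in production) and the sample records are assumptions made here. The 30% false-positive threshold is the one the article gives.

```python
"""Added example (not from the article): the four follow-up metrics
computed from constructed per-PR records."""
from datetime import datetime
from statistics import mean
from typing import Dict, List

# Assumed threshold from the article: above this, the AI is too noisy.
FP_RATE_THRESHOLD = 0.30

# Constructed sample: one record per merged PR (not real data).
SAMPLE_PRS: List[Dict] = [
    {"opened": datetime(2026, 3, 2, 9, 0), "first_comment": datetime(2026, 3, 2, 9, 3),
     "human_review_minutes": 28, "ai_comments": 6, "ai_rejected": 2,
     "bugs_found_in_review": 1, "bugs_found_in_prod": 0},
    {"opened": datetime(2026, 3, 3, 14, 0), "first_comment": datetime(2026, 3, 3, 14, 2),
     "human_review_minutes": 35, "ai_comments": 10, "ai_rejected": 5,
     "bugs_found_in_review": 0, "bugs_found_in_prod": 1},
    {"opened": datetime(2026, 3, 5, 10, 30), "first_comment": datetime(2026, 3, 5, 10, 34),
     "human_review_minutes": 22, "ai_comments": 4, "ai_rejected": 1,
     "bugs_found_in_review": 2, "bugs_found_in_prod": 0},
]


def time_to_first_review_minutes(prs: List[Dict]) -> float:
    """Mean delay between PR creation and the first comment (bot or human)."""
    delays = [(p["first_comment"] - p["opened"]).total_seconds() / 60 for p in prs]
    return mean(delays)


def human_review_minutes(prs: List[Dict]) -> float:
    """Mean time human reviewers spent per PR."""
    return mean(p["human_review_minutes"] for p in prs)


def ai_false_positive_rate(prs: List[Dict]) -> float:
    """Share of AI comments the PR author rejected as irrelevant."""
    total = sum(p["ai_comments"] for p in prs)
    rejected = sum(p["ai_rejected"] for p in prs)
    return rejected / total if total else 0.0


def bug_escape_rate(prs: List[Dict]) -> float:
    """Assumed definition: bugs that reached production over all bugs found
    (review + production). Lower is better; rising over time means the AI
    is giving a false sense of security."""
    prod = sum(p["bugs_found_in_prod"] for p in prs)
    review = sum(p["bugs_found_in_review"] for p in prs)
    return prod / (prod + review) if (prod + review) else 0.0


def report(prs: List[Dict]) -> Dict:
    """Bundle the metrics and flag AI noise above the article's threshold."""
    fp = ai_false_positive_rate(prs)
    return {
        "time_to_first_review_min": time_to_first_review_minutes(prs),
        "human_review_min": human_review_minutes(prs),
        "ai_false_positive_rate": fp,
        "ai_noise_alert": fp > FP_RATE_THRESHOLD,   # tune config / system prompt
        "bug_escape_rate": bug_escape_rate(prs),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_PRS).items():
        print(f"{key}: {value}")
```

On the sample records the bot answers within three minutes on average, human review sits under thirty minutes, but 8 of 20 AI comments were rejected (40%), which trips the noise alert: that is the signal to adjust the configuration or the system prompt before developers start ignoring the bot wholesale.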
S'il se dégrade, l'IA crée une fausse sécurité.",{"type":30,"tag":58,"props":575,"children":576},{},[],{"type":30,"tag":62,"props":578,"children":580},{"id":579},"les-outils-et-leur-positionnement",[581],{"type":36,"value":582},"Les outils et leur positionnement",{"type":30,"tag":38,"props":584,"children":585},{},[586,591],{"type":30,"tag":52,"props":587,"children":588},{},[589],{"type":36,"value":590},"GitHub Copilot Code Review :",{"type":36,"value":592}," intégration native dans GitHub, activée au niveau de la PR. Bon pour le style et les patterns de sécurité courants. Limite : connaissance du codebase limitée au diff de la PR.",{"type":30,"tag":38,"props":594,"children":595},{},[596,601],{"type":30,"tag":52,"props":597,"children":598},{},[599],{"type":36,"value":600},"CodeRabbit :",{"type":36,"value":602}," outil spécialisé review avec contexte étendu du codebase. Meilleur pour la cohérence avec le codebase que Copilot. Configuration par règles yaml.",{"type":30,"tag":38,"props":604,"children":605},{},[606,611],{"type":30,"tag":52,"props":607,"children":608},{},[609],{"type":36,"value":610},"Claude / GPT-4 via API :",{"type":36,"value":612}," intégration personnalisée avec contexte métier. Le plus flexible : vous pouvez injecter les conventions de l'équipe, les règles métier critiques, et l'architecture dans le prompt système. Le plus complexe à configurer.",{"type":30,"tag":38,"props":614,"children":615},{},[616,621],{"type":30,"tag":52,"props":617,"children":618},{},[619],{"type":36,"value":620},"Cursor :",{"type":36,"value":622}," IDE avec review intégrée en cours d'écriture, pas seulement sur la PR. Utile pour les développeurs qui veulent le feedback avant même de créer la PR.",{"type":30,"tag":38,"props":624,"children":625},{},[626],{"type":36,"value":627},"L'IA en code review est un amplificateur, pas un remplacement. Elle amplifie la capacité de détection sur les patterns connus et libère le temps humain pour ce que l'IA ne peut pas faire. 
Les équipes qui sortiront gagnantes de cette transition ne seront pas celles qui délèguent le plus à l'IA. Ce seront celles qui comprennent précisément ce qu'elles lui délèguent.",{"type":30,"tag":58,"props":629,"children":630},{},[],{"type":30,"tag":62,"props":632,"children":634},{"id":633},"faq-sur-lia-en-code-review",[635],{"type":36,"value":636},"FAQ sur l'IA en code review",{"type":30,"tag":638,"props":639,"children":640},"details",{},[641,647],{"type":30,"tag":642,"props":643,"children":644},"summary",{},[645],{"type":36,"value":646},"1. Quelle est la différence entre un linter et un outil de review IA ?",{"type":30,"tag":38,"props":648,"children":649},{},[650,652,658],{"type":36,"value":651},"Un ",{"type":30,"tag":84,"props":653,"children":655},{"href":654},"/fr/dette-technique/outils-analyse-statique-2026",[656],{"type":36,"value":657},"linter",{"type":36,"value":659}," applique des règles déterministes prédéfinies : syntaxe, style, patterns interdits. Il est rapide, sans faux positifs sur ce qu'il est configuré à détecter. Un outil IA applique un raisonnement contextuel sur le code : il peut détecter des problèmes que le linter ne peut pas formaliser en règles (ex : \"cette fonction fait trop de choses\"). La complémentarité est optimale : linter pour les règles déterministes, IA pour les jugements contextuels.",{"type":30,"tag":638,"props":661,"children":662},{},[663,668],{"type":30,"tag":642,"props":664,"children":665},{},[666],{"type":36,"value":667},"2. L'IA peut-elle reviewer du code dans des langages peu courants ou des DSLs internes ?",{"type":30,"tag":38,"props":669,"children":670},{},[671],{"type":36,"value":672},"Les LLMs sont entraînés principalement sur les langages populaires (Python, JavaScript, Java, Go, TypeScript). Pour les langages peu courants ou les DSLs internes, la qualité du review IA est dégradée. 
Dans ce cas, utilisez l'IA uniquement pour les aspects génériques (sécurité, documentation) et laissez les aspects spécifiques au langage aux reviewers humains.",{"type":30,"tag":638,"props":674,"children":675},{},[676,681],{"type":30,"tag":642,"props":677,"children":678},{},[679],{"type":36,"value":680},"3. Comment gérer le coût des reviews IA sur un grand nombre de PRs ?",{"type":30,"tag":38,"props":682,"children":683},{},[684,686,1427,1429,1961],{"type":36,"value":685},"Les coûts varient selon l'outil. GitHub Copilot Code Review est inclus dans l'abonnement Copilot (19",{"type":30,"tag":111,"props":687,"children":690},{"className":688},[689],"katex",[691,1026],{"type":30,"tag":111,"props":692,"children":695},{"className":693},[694],"katex-mathml",[696],{"type":30,"tag":697,"props":698,"children":700},"math",{"xmlns":699},"http://www.w3.org/1998/Math/MathML",[701],{"type":30,"tag":702,"props":703,"children":704},"semantics",{},[705,1019],{"type":30,"tag":706,"props":707,"children":708},"mrow",{},[709,716,721,726,731,736,740,745,761,766,770,775,779,783,787,791,796,801,807,812,817,821,825,829,834,838,843,847,851,856,860,864,869,873,877,881,885,890,894,898,902,906,910,914,918,922,926,930,934,945,949,953,957,961,965,969,973,977,981,985,990,994,998,1002,1007,1013],{"type":30,"tag":710,"props":711,"children":713},"mi",{"mathvariant":712},"normal",[714],{"type":36,"value":715},"/",{"type":30,"tag":710,"props":717,"children":718},{},[719],{"type":36,"value":720},"m",{"type":30,"tag":710,"props":722,"children":723},{},[724],{"type":36,"value":725},"o",{"type":30,"tag":710,"props":727,"children":728},{},[729],{"type":36,"value":730},"i",{"type":30,"tag":710,"props":732,"children":733},{},[734],{"type":36,"value":735},"s",{"type":30,"tag":710,"props":737,"children":738},{"mathvariant":712},[739],{"type":36,"value":715},{"type":30,"tag":710,"props":741,"children":742},{},[743],{"type":36,"value":744},"d",{"type":30,"tag":746,"props":747,"children":749},"mover",{"accent":748},
"true",[750,755],{"type":30,"tag":710,"props":751,"children":752},{},[753],{"type":36,"value":754},"e",{"type":30,"tag":756,"props":757,"children":758},"mo",{},[759],{"type":36,"value":760},"ˊ",{"type":30,"tag":710,"props":762,"children":763},{},[764],{"type":36,"value":765},"v",{"type":30,"tag":710,"props":767,"children":768},{},[769],{"type":36,"value":754},{"type":30,"tag":710,"props":771,"children":772},{},[773],{"type":36,"value":774},"l",{"type":30,"tag":710,"props":776,"children":777},{},[778],{"type":36,"value":725},{"type":30,"tag":710,"props":780,"children":781},{},[782],{"type":36,"value":38},{"type":30,"tag":710,"props":784,"children":785},{},[786],{"type":36,"value":38},{"type":30,"tag":710,"props":788,"children":789},{},[790],{"type":36,"value":754},{"type":30,"tag":710,"props":792,"children":793},{},[794],{"type":36,"value":795},"u",{"type":30,"tag":710,"props":797,"children":798},{},[799],{"type":36,"value":800},"r",{"type":30,"tag":756,"props":802,"children":804},{"stretchy":803},"false",[805],{"type":36,"value":806},")",{"type":30,"tag":710,"props":808,"children":809},{"mathvariant":712},[810],{"type":36,"value":811},".",{"type":30,"tag":710,"props":813,"children":814},{},[815],{"type":36,"value":816},"C",{"type":30,"tag":710,"props":818,"children":819},{},[820],{"type":36,"value":725},{"type":30,"tag":710,"props":822,"children":823},{},[824],{"type":36,"value":744},{"type":30,"tag":710,"props":826,"children":827},{},[828],{"type":36,"value":754},{"type":30,"tag":710,"props":830,"children":831},{},[832],{"type":36,"value":833},"R",{"type":30,"tag":710,"props":835,"children":836},{},[837],{"type":36,"value":84},{"type":30,"tag":710,"props":839,"children":840},{},[841],{"type":36,"value":842},"b",{"type":30,"tag":710,"props":844,"children":845},{},[846],{"type":36,"value":842},{"type":30,"tag":710,"props":848,"children":849},{},[850],{"type":36,"value":730},{"type":30,"tag":710,"props":852,"children":853},{},[854],{"type":36,"value":855},"t",{"type":
30,"tag":710,"props":857,"children":858},{},[859],{"type":36,"value":84},{"type":30,"tag":710,"props":861,"children":862},{},[863],{"type":36,"value":795},{"type":30,"tag":710,"props":865,"children":866},{},[867],{"type":36,"value":868},"n",{"type":30,"tag":710,"props":870,"children":871},{},[872],{"type":36,"value":855},{"type":30,"tag":710,"props":874,"children":875},{},[876],{"type":36,"value":730},{"type":30,"tag":710,"props":878,"children":879},{},[880],{"type":36,"value":754},{"type":30,"tag":710,"props":882,"children":883},{},[884],{"type":36,"value":800},{"type":30,"tag":710,"props":886,"children":887},{},[888],{"type":36,"value":889},"g",{"type":30,"tag":710,"props":891,"children":892},{},[893],{"type":36,"value":800},{"type":30,"tag":710,"props":895,"children":896},{},[897],{"type":36,"value":84},{"type":30,"tag":710,"props":899,"children":900},{},[901],{"type":36,"value":855},{"type":30,"tag":710,"props":903,"children":904},{},[905],{"type":36,"value":795},{"type":30,"tag":710,"props":907,"children":908},{},[909],{"type":36,"value":730},{"type":30,"tag":710,"props":911,"children":912},{},[913],{"type":36,"value":855},{"type":30,"tag":710,"props":915,"children":916},{},[917],{"type":36,"value":774},{"type":30,"tag":710,"props":919,"children":920},{},[921],{"type":36,"value":730},{"type":30,"tag":710,"props":923,"children":924},{},[925],{"type":36,"value":720},{"type":30,"tag":710,"props":927,"children":928},{},[929],{"type":36,"value":730},{"type":30,"tag":710,"props":931,"children":932},{},[933],{"type":36,"value":855},{"type":30,"tag":746,"props":935,"children":936},{"accent":748},[937,941],{"type":30,"tag":710,"props":938,"children":939},{},[940],{"type":36,"value":754},{"type":30,"tag":756,"props":942,"children":943},{},[944],{"type":36,"value":760},{"type":30,"tag":710,"props":946,"children":947},{},[948],{"type":36,"value":754},{"type":30,"tag":710,"props":950,"children":951},{},[952],{"type":36,"value":855},{"type":30,"tag":710,"props":954,"children
":955},{},[956],{"type":36,"value":795},{"type":30,"tag":710,"props":958,"children":959},{},[960],{"type":36,"value":868},{"type":30,"tag":710,"props":962,"children":963},{},[964],{"type":36,"value":855},{"type":30,"tag":710,"props":966,"children":967},{},[968],{"type":36,"value":730},{"type":30,"tag":710,"props":970,"children":971},{},[972],{"type":36,"value":754},{"type":30,"tag":710,"props":974,"children":975},{},[976],{"type":36,"value":800},{"type":30,"tag":710,"props":978,"children":979},{},[980],{"type":36,"value":38},{"type":30,"tag":710,"props":982,"children":983},{},[984],{"type":36,"value":84},{"type":30,"tag":710,"props":986,"children":987},{},[988],{"type":36,"value":989},"y",{"type":30,"tag":710,"props":991,"children":992},{},[993],{"type":36,"value":84},{"type":30,"tag":710,"props":995,"children":996},{},[997],{"type":36,"value":868},{"type":30,"tag":710,"props":999,"children":1000},{},[1001],{"type":36,"value":855},{"type":30,"tag":756,"props":1003,"children":1004},{"stretchy":803},[1005],{"type":36,"value":1006},"(",{"type":30,"tag":1008,"props":1009,"children":1010},"mtext",{},[1011],{"type":36,"value":1012}," ",{"type":30,"tag":1014,"props":1015,"children":1016},"mn",{},[1017],{"type":36,"value":1018},"19",{"type":30,"tag":1020,"props":1021,"children":1023},"annotation",{"encoding":1022},"application/x-tex",[1024],{"type":36,"value":1025},"/mois/développeur). 
CodeRabbit a un tier gratuit limité et un tier payant (~19",{"type":30,"tag":111,"props":1027,"children":1030},{"className":1028,"ariaHidden":748},[1029],"katex-html",[1031],{"type":30,"tag":111,"props":1032,"children":1035},{"className":1033},[1034],"base",[1036,1042,1048,1054,1059,1064,1069,1074,1079,1133,1139,1144,1150,1155,1161,1166,1171,1177,1183,1188,1194,1199,1204,1209,1215,1221,1226,1231,1236,1241,1246,1251,1257,1262,1267,1272,1277,1282,1287,1293,1299,1304,1348,1353,1358,1363,1368,1373,1378,1383,1388,1393,1398,1404,1409,1415,1422],{"type":30,"tag":111,"props":1037,"children":1041},{"className":1038,"style":1040},[1039],"strut","height:1em;vertical-align:-0.25em;",[],{"type":30,"tag":111,"props":1043,"children":1046},{"className":1044},[1045],"mord",[1047],{"type":36,"value":715},{"type":30,"tag":111,"props":1049,"children":1052},{"className":1050},[1045,1051],"mathnormal",[1053],{"type":36,"value":720},{"type":30,"tag":111,"props":1055,"children":1057},{"className":1056},[1045,1051],[1058],{"type":36,"value":725},{"type":30,"tag":111,"props":1060,"children":1062},{"className":1061},[1045,1051],[1063],{"type":36,"value":730},{"type":30,"tag":111,"props":1065,"children":1067},{"className":1066},[1045,1051],[1068],{"type":36,"value":735},{"type":30,"tag":111,"props":1070,"children":1072},{"className":1071},[1045],[1073],{"type":36,"value":715},{"type":30,"tag":111,"props":1075,"children":1077},{"className":1076},[1045,1051],[1078],{"type":36,"value":744},{"type":30,"tag":111,"props":1080,"children":1083},{"className":1081},[1045,1082],"accent",[1084],{"type":30,"tag":111,"props":1085,"children":1088},{"className":1086},[1087],"vlist-t",[1089],{"type":30,"tag":111,"props":1090,"children":1093},{"className":1091},[1092],"vlist-r",[1094],{"type":30,"tag":111,"props":1095,"children":1099},{"className":1096,"style":1098},[1097],"vlist","height:0.6944em;",[1100,1115],{"type":30,"tag":111,"props":1101,"children":1103},{"style":1102},"top:-3em;",[1104,1110],{"type":30,
"tag":111,"props":1105,"children":1109},{"className":1106,"style":1108},[1107],"pstrut","height:3em;",[],{"type":30,"tag":111,"props":1111,"children":1113},{"className":1112},[1045,1051],[1114],{"type":36,"value":754},{"type":30,"tag":111,"props":1116,"children":1117},{"style":1102},[1118,1122],{"type":30,"tag":111,"props":1119,"children":1121},{"className":1120,"style":1108},[1107],[],{"type":30,"tag":111,"props":1123,"children":1127},{"className":1124,"style":1126},[1125],"accent-body","left:-0.1944em;",[1128],{"type":30,"tag":111,"props":1129,"children":1131},{"className":1130},[1045],[1132],{"type":36,"value":760},{"type":30,"tag":111,"props":1134,"children":1137},{"className":1135,"style":1136},[1045,1051],"margin-right:0.03588em;",[1138],{"type":36,"value":765},{"type":30,"tag":111,"props":1140,"children":1142},{"className":1141},[1045,1051],[1143],{"type":36,"value":754},{"type":30,"tag":111,"props":1145,"children":1148},{"className":1146,"style":1147},[1045,1051],"margin-right:0.01968em;",[1149],{"type":36,"value":774},{"type":30,"tag":111,"props":1151,"children":1153},{"className":1152},[1045,1051],[1154],{"type":36,"value":725},{"type":30,"tag":111,"props":1156,"children":1158},{"className":1157},[1045,1051],[1159],{"type":36,"value":1160},"pp",{"type":30,"tag":111,"props":1162,"children":1164},{"className":1163},[1045,1051],[1165],{"type":36,"value":754},{"type":30,"tag":111,"props":1167,"children":1169},{"className":1168},[1045,1051],[1170],{"type":36,"value":795},{"type":30,"tag":111,"props":1172,"children":1175},{"className":1173,"style":1174},[1045,1051],"margin-right:0.02778em;",[1176],{"type":36,"value":800},{"type":30,"tag":111,"props":1178,"children":1181},{"className":1179},[1180],"mclose",[1182],{"type":36,"value":806},{"type":30,"tag":111,"props":1184,"children":1186},{"className":1185},[1045],[1187],{"type":36,"value":811},{"type":30,"tag":111,"props":1189,"children":1192},{"className":1190,"style":1191},[1045,1051],"margin-right:0.07153em;",[
1193],{"type":36,"value":816},{"type":30,"tag":111,"props":1195,"children":1197},{"className":1196},[1045,1051],[1198],{"type":36,"value":725},{"type":30,"tag":111,"props":1200,"children":1202},{"className":1201},[1045,1051],[1203],{"type":36,"value":744},{"type":30,"tag":111,"props":1205,"children":1207},{"className":1206},[1045,1051],[1208],{"type":36,"value":754},{"type":30,"tag":111,"props":1210,"children":1213},{"className":1211,"style":1212},[1045,1051],"margin-right:0.00773em;",[1214],{"type":36,"value":833},{"type":30,"tag":111,"props":1216,"children":1218},{"className":1217},[1045,1051],[1219],{"type":36,"value":1220},"abbi",{"type":30,"tag":111,"props":1222,"children":1224},{"className":1223},[1045,1051],[1225],{"type":36,"value":855},{"type":30,"tag":111,"props":1227,"children":1229},{"className":1228},[1045,1051],[1230],{"type":36,"value":84},{"type":30,"tag":111,"props":1232,"children":1234},{"className":1233},[1045,1051],[1235],{"type":36,"value":795},{"type":30,"tag":111,"props":1237,"children":1239},{"className":1238},[1045,1051],[1240],{"type":36,"value":868},{"type":30,"tag":111,"props":1242,"children":1244},{"className":1243},[1045,1051],[1245],{"type":36,"value":855},{"type":30,"tag":111,"props":1247,"children":1249},{"className":1248},[1045,1051],[1250],{"type":36,"value":730},{"type":30,"tag":111,"props":1252,"children":1254},{"className":1253,"style":1174},[1045,1051],[1255],{"type":36,"value":1256},"er",{"type":30,"tag":111,"props":1258,"children":1260},{"className":1259,"style":1136},[1045,1051],[1261],{"type":36,"value":889},{"type":30,"tag":111,"props":1263,"children":1265},{"className":1264,"style":1174},[1045,1051],[1266],{"type":36,"value":800},{"type":30,"tag":111,"props":1268,"children":1270},{"className":1269},[1045,1051],[1271],{"type":36,"value":84},{"type":30,"tag":111,"props":1273,"children":1275},{"className":1274},[1045,1051],[1276],{"type":36,"value":855},{"type":30,"tag":111,"props":1278,"children":1280},{"className":1279},[1
045,1051],[1281],{"type":36,"value":795},{"type":30,"tag":111,"props":1283,"children":1285},{"className":1284},[1045,1051],[1286],{"type":36,"value":730},{"type":30,"tag":111,"props":1288,"children":1290},{"className":1289,"style":1147},[1045,1051],[1291],{"type":36,"value":1292},"tl",{"type":30,"tag":111,"props":1294,"children":1296},{"className":1295},[1045,1051],[1297],{"type":36,"value":1298},"imi",{"type":30,"tag":111,"props":1300,"children":1302},{"className":1301},[1045,1051],[1303],{"type":36,"value":855},{"type":30,"tag":111,"props":1305,"children":1307},{"className":1306},[1045,1082],[1308],{"type":30,"tag":111,"props":1309,"children":1311},{"className":1310},[1087],[1312],{"type":30,"tag":111,"props":1313,"children":1315},{"className":1314},[1092],[1316],{"type":30,"tag":111,"props":1317,"children":1319},{"className":1318,"style":1098},[1097],[1320,1332],{"type":30,"tag":111,"props":1321,"children":1322},{"style":1102},[1323,1327],{"type":30,"tag":111,"props":1324,"children":1326},{"className":1325,"style":1108},[1107],[],{"type":30,"tag":111,"props":1328,"children":1330},{"className":1329},[1045,1051],[1331],{"type":36,"value":754},{"type":30,"tag":111,"props":1333,"children":1334},{"style":1102},[1335,1339],{"type":30,"tag":111,"props":1336,"children":1338},{"className":1337,"style":1108},[1107],[],{"type":30,"tag":111,"props":1340,"children":1342},{"className":1341,"style":1126},[1125],[1343],{"type":30,"tag":111,"props":1344,"children":1346},{"className":1345},[1045],[1347],{"type":36,"value":760},{"type":30,"tag":111,"props":1349,"children":1351},{"className":1350},[1045,1051],[1352],{"type":36,"value":754},{"type":30,"tag":111,"props":1354,"children":1356},{"className":1355},[1045,1051],[1357],{"type":36,"value":855},{"type":30,"tag":111,"props":1359,"children":1361},{"className":1360},[1045,1051],[1362],{"type":36,"value":795},{"type":30,"tag":111,"props":1364,"children":1366},{"className":1365},[1045,1051],[1367],{"type":36,"value":868},{"type":30
,"tag":111,"props":1369,"children":1371},{"className":1370},[1045,1051],[1372],{"type":36,"value":855},{"type":30,"tag":111,"props":1374,"children":1376},{"className":1375},[1045,1051],[1377],{"type":36,"value":730},{"type":30,"tag":111,"props":1379,"children":1381},{"className":1380,"style":1174},[1045,1051],[1382],{"type":36,"value":1256},{"type":30,"tag":111,"props":1384,"children":1386},{"className":1385},[1045,1051],[1387],{"type":36,"value":38},{"type":30,"tag":111,"props":1389,"children":1391},{"className":1390},[1045,1051],[1392],{"type":36,"value":84},{"type":30,"tag":111,"props":1394,"children":1396},{"className":1395,"style":1136},[1045,1051],[1397],{"type":36,"value":989},{"type":30,"tag":111,"props":1399,"children":1401},{"className":1400},[1045,1051],[1402],{"type":36,"value":1403},"an",{"type":30,"tag":111,"props":1405,"children":1407},{"className":1406},[1045,1051],[1408],{"type":36,"value":855},{"type":30,"tag":111,"props":1410,"children":1413},{"className":1411},[1412],"mopen",[1414],{"type":36,"value":1006},{"type":30,"tag":111,"props":1416,"children":1420},{"className":1417},[1418,1419],"mspace","nobreak",[1421],{"type":36,"value":1012},{"type":30,"tag":111,"props":1423,"children":1425},{"className":1424},[1045],[1426],{"type":36,"value":1018},{"type":36,"value":1428},"/mois/utilisateur). 
Une intégration API directe coûte environ 0,5 à 2",{"type":30,"tag":111,"props":1430,"children":1432},{"className":1431},[689],[1433,1670],{"type":30,"tag":111,"props":1434,"children":1436},{"className":1435},[694],[1437],{"type":30,"tag":697,"props":1438,"children":1439},{"xmlns":699},[1440],{"type":30,"tag":702,"props":1441,"children":1442},{},[1443,1665],{"type":30,"tag":706,"props":1444,"children":1445},{},[1446,1450,1454,1458,1463,1467,1471,1475,1479,1483,1487,1491,1495,1499,1503,1507,1511,1515,1519,1523,1528,1532,1536,1541,1545,1549,1553,1557,1561,1565,1569,1573,1577,1581,1585,1590,1594,1598,1603,1607,1619,1623,1627,1631,1635,1639,1643,1648,1660],{"type":30,"tag":710,"props":1447,"children":1448},{},[1449],{"type":36,"value":38},{"type":30,"tag":710,"props":1451,"children":1452},{},[1453],{"type":36,"value":84},{"type":30,"tag":710,"props":1455,"children":1456},{},[1457],{"type":36,"value":800},{"type":30,"tag":710,"props":1459,"children":1460},{},[1461],{"type":36,"value":1462},"P",{"type":30,"tag":710,"props":1464,"children":1465},{},[1466],{"type":36,"value":833},{"type":30,"tag":710,"props":1468,"children":1469},{},[1470],{"type":36,"value":735},{"type":30,"tag":710,"props":1472,"children":1473},{},[1474],{"type":36,"value":754},{"type":30,"tag":710,"props":1476,"children":1477},{},[1478],{"type":36,"value":774},{"type":30,"tag":710,"props":1480,"children":1481},{},[1482],{"type":36,"value":725},{"type":30,"tag":710,"props":1484,"children":1485},{},[1486],{"type":36,"value":868},{"type":30,"tag":710,"props":1488,"children":1489},{},[1490],{"type":36,"value":774},{"type":30,"tag":710,"props":1492,"children":1493},{},[1494],{"type":36,"value":84},{"type":30,"tag":710,"props":1496,"children":1497},{},[1498],{"type":36,"value":855},{"type":30,"tag":710,"props":1500,"children":1501},{},[1502],{"type":36,"value":84},{"type":30,"tag":710,"props":1504,"children":1505},{},[1506],{"type":36,"value":730},{"type":30,"tag":710,"props":1508,"children":1509},{},[1510],{"
type":36,"value":774},{"type":30,"tag":710,"props":1512,"children":1513},{},[1514],{"type":36,"value":774},{"type":30,"tag":710,"props":1516,"children":1517},{},[1518],{"type":36,"value":754},{"type":30,"tag":710,"props":1520,"children":1521},{"mathvariant":712},[1522],{"type":36,"value":811},{"type":30,"tag":710,"props":1524,"children":1525},{},[1526],{"type":36,"value":1527},"S",{"type":30,"tag":710,"props":1529,"children":1530},{},[1531],{"type":36,"value":795},{"type":30,"tag":710,"props":1533,"children":1534},{},[1535],{"type":36,"value":800},{"type":30,"tag":1014,"props":1537,"children":1538},{},[1539],{"type":36,"value":1540},"50",{"type":30,"tag":710,"props":1542,"children":1543},{},[1544],{"type":36,"value":1462},{"type":30,"tag":710,"props":1546,"children":1547},{},[1548],{"type":36,"value":833},{"type":30,"tag":710,"props":1550,"children":1551},{},[1552],{"type":36,"value":735},{"type":30,"tag":710,"props":1554,"children":1555},{"mathvariant":712},[1556],{"type":36,"value":715},{"type":30,"tag":710,"props":1558,"children":1559},{},[1560],{"type":36,"value":735},{"type":30,"tag":710,"props":1562,"children":1563},{},[1564],{"type":36,"value":754},{"type":30,"tag":710,"props":1566,"children":1567},{},[1568],{"type":36,"value":720},{"type":30,"tag":710,"props":1570,"children":1571},{},[1572],{"type":36,"value":84},{"type":30,"tag":710,"props":1574,"children":1575},{},[1576],{"type":36,"value":730},{"type":30,"tag":710,"props":1578,"children":1579},{},[1580],{"type":36,"value":868},{"type":30,"tag":710,"props":1582,"children":1583},{},[1584],{"type":36,"value":754},{"type":30,"tag":756,"props":1586,"children":1587},{"separator":748},[1588],{"type":36,"value":1589},",",{"type":30,"tag":710,"props":1591,"children":1592},{},[1593],{"type":36,"value":774},{"type":30,"tag":710,"props":1595,"children":1596},{},[1597],{"type":36,"value":754},{"type":30,"tag":710,"props":1599,"children":1600},{},[1601],{"type":36,"value":1602},"c",{"type":30,"tag":710,"props":1604,"ch
ildren":1605},{},[1606],{"type":36,"value":725},{"type":30,"tag":746,"props":1608,"children":1609},{"accent":748},[1610,1614],{"type":30,"tag":710,"props":1611,"children":1612},{},[1613],{"type":36,"value":795},{"type":30,"tag":756,"props":1615,"children":1616},{},[1617],{"type":36,"value":1618},"^",{"type":30,"tag":710,"props":1620,"children":1621},{},[1622],{"type":36,"value":855},{"type":30,"tag":710,"props":1624,"children":1625},{},[1626],{"type":36,"value":754},{"type":30,"tag":710,"props":1628,"children":1629},{},[1630],{"type":36,"value":735},{"type":30,"tag":710,"props":1632,"children":1633},{},[1634],{"type":36,"value":855},{"type":30,"tag":710,"props":1636,"children":1637},{},[1638],{"type":36,"value":744},{"type":30,"tag":710,"props":1640,"children":1641},{},[1642],{"type":36,"value":754},{"type":30,"tag":1014,"props":1644,"children":1645},{},[1646],{"type":36,"value":1647},"25",{"type":30,"tag":746,"props":1649,"children":1650},{"accent":748},[1651,1655],{"type":30,"tag":710,"props":1652,"children":1653},{},[1654],{"type":36,"value":84},{"type":30,"tag":756,"props":1656,"children":1657},{},[1658],{"type":36,"value":1659},"ˋ",{"type":30,"tag":1014,"props":1661,"children":1662},{},[1663],{"type":36,"value":1664},"100",{"type":30,"tag":1020,"props":1666,"children":1667},{"encoding":1022},[1668],{"type":36,"value":1669}," par PR selon la taille. 
Sur 50 PRs/semaine, le coût est de 25 à 100",{"type":30,"tag":111,"props":1671,"children":1673},{"className":1672,"ariaHidden":748},[1029],[1674],{"type":30,"tag":111,"props":1675,"children":1677},{"className":1676},[1034],[1678,1682,1687,1692,1697,1703,1709,1714,1719,1724,1729,1734,1739,1745,1751,1756,1761,1767,1772,1777,1782,1787,1792,1797,1802,1808,1813,1819,1824,1829,1835,1880,1885,1891,1896,1901,1906,1911,1956],{"type":30,"tag":111,"props":1679,"children":1681},{"className":1680,"style":1040},[1039],[],{"type":30,"tag":111,"props":1683,"children":1685},{"className":1684},[1045,1051],[1686],{"type":36,"value":38},{"type":30,"tag":111,"props":1688,"children":1690},{"className":1689},[1045,1051],[1691],{"type":36,"value":84},{"type":30,"tag":111,"props":1693,"children":1695},{"className":1694,"style":1174},[1045,1051],[1696],{"type":36,"value":800},{"type":30,"tag":111,"props":1698,"children":1700},{"className":1699,"style":1212},[1045,1051],[1701],{"type":36,"value":1702},"PR",{"type":30,"tag":111,"props":1704,"children":1706},{"className":1705},[1045,1051],[1707],{"type":36,"value":1708},"se",{"type":30,"tag":111,"props":1710,"children":1712},{"className":1711,"style":1147},[1045,1051],[1713],{"type":36,"value":774},{"type":30,"tag":111,"props":1715,"children":1717},{"className":1716},[1045,1051],[1718],{"type":36,"value":725},{"type":30,"tag":111,"props":1720,"children":1722},{"className":1721},[1045,1051],[1723],{"type":36,"value":868},{"type":30,"tag":111,"props":1725,"children":1727},{"className":1726,"style":1147},[1045,1051],[1728],{"type":36,"value":774},{"type":30,"tag":111,"props":1730,"children":1732},{"className":1731},[1045,1051],[1733],{"type":36,"value":84},{"type":30,"tag":111,"props":1735,"children":1737},{"className":1736},[1045,1051],[1738],{"type":36,"value":855},{"type":30,"tag":111,"props":1740,"children":1742},{"className":1741},[1045,1051],[1743],{"type":36,"value":1744},"ai",{"type":30,"tag":111,"props":1746,"children":1748},{"className":
1747,"style":1147},[1045,1051],[1749],{"type":36,"value":1750},"ll",{"type":30,"tag":111,"props":1752,"children":1754},{"className":1753},[1045,1051],[1755],{"type":36,"value":754},{"type":30,"tag":111,"props":1757,"children":1759},{"className":1758},[1045],[1760],{"type":36,"value":811},{"type":30,"tag":111,"props":1762,"children":1765},{"className":1763,"style":1764},[1045,1051],"margin-right:0.05764em;",[1766],{"type":36,"value":1527},{"type":30,"tag":111,"props":1768,"children":1770},{"className":1769},[1045,1051],[1771],{"type":36,"value":795},{"type":30,"tag":111,"props":1773,"children":1775},{"className":1774,"style":1174},[1045,1051],[1776],{"type":36,"value":800},{"type":30,"tag":111,"props":1778,"children":1780},{"className":1779},[1045],[1781],{"type":36,"value":1540},{"type":30,"tag":111,"props":1783,"children":1785},{"className":1784,"style":1212},[1045,1051],[1786],{"type":36,"value":1702},{"type":30,"tag":111,"props":1788,"children":1790},{"className":1789},[1045,1051],[1791],{"type":36,"value":735},{"type":30,"tag":111,"props":1793,"children":1795},{"className":1794},[1045],[1796],{"type":36,"value":715},{"type":30,"tag":111,"props":1798,"children":1800},{"className":1799},[1045,1051],[1801],{"type":36,"value":1708},{"type":30,"tag":111,"props":1803,"children":1805},{"className":1804},[1045,1051],[1806],{"type":36,"value":1807},"main",{"type":30,"tag":111,"props":1809,"children":1811},{"className":1810},[1045,1051],[1812],{"type":36,"value":754},{"type":30,"tag":111,"props":1814,"children":1817},{"className":1815},[1816],"mpunct",[1818],{"type":36,"value":1589},{"type":30,"tag":111,"props":1820,"children":1823},{"className":1821,"style":1822},[1418],"margin-right:0.1667em;",[],{"type":30,"tag":111,"props":1825,"children":1827},{"className":1826,"style":1147},[1045,1051],[1828],{"type":36,"value":774},{"type":30,"tag":111,"props":1830,"children":1832},{"className":1831},[1045,1051],[1833],{"type":36,"value":1834},"eco",{"type":30,"tag":111,"props":183
6,"children":1838},{"className":1837},[1045,1082],[1839],{"type":30,"tag":111,"props":1840,"children":1842},{"className":1841},[1087],[1843],{"type":30,"tag":111,"props":1844,"children":1846},{"className":1845},[1092],[1847],{"type":30,"tag":111,"props":1848,"children":1850},{"className":1849,"style":1098},[1097],[1851,1863],{"type":30,"tag":111,"props":1852,"children":1853},{"style":1102},[1854,1858],{"type":30,"tag":111,"props":1855,"children":1857},{"className":1856,"style":1108},[1107],[],{"type":30,"tag":111,"props":1859,"children":1861},{"className":1860},[1045,1051],[1862],{"type":36,"value":795},{"type":30,"tag":111,"props":1864,"children":1865},{"style":1102},[1866,1870],{"type":30,"tag":111,"props":1867,"children":1869},{"className":1868,"style":1108},[1107],[],{"type":30,"tag":111,"props":1871,"children":1874},{"className":1872,"style":1873},[1125],"left:-0.2222em;",[1875],{"type":30,"tag":111,"props":1876,"children":1878},{"className":1877},[1045],[1879],{"type":36,"value":1618},{"type":30,"tag":111,"props":1881,"children":1883},{"className":1882},[1045,1051],[1884],{"type":36,"value":855},{"type":30,"tag":111,"props":1886,"children":1888},{"className":1887},[1045,1051],[1889],{"type":36,"value":1890},"es",{"type":30,"tag":111,"props":1892,"children":1894},{"className":1893},[1045,1051],[1895],{"type":36,"value":855},{"type":30,"tag":111,"props":1897,"children":1899},{"className":1898},[1045,1051],[1900],{"type":36,"value":744},{"type":30,"tag":111,"props":1902,"children":1904},{"className":1903},[1045,1051],[1905],{"type":36,"value":754},{"type":30,"tag":111,"props":1907,"children":1909},{"className":1908},[1045],[1910],{"type":36,"value":1647},{"type":30,"tag":111,"props":1912,"children":1914},{"className":1913},[1045,1082],[1915],{"type":30,"tag":111,"props":1916,"children":1918},{"className":1917},[1087],[1919],{"type":30,"tag":111,"props":1920,"children":1922},{"className":1921},[1092],[1923],{"type":30,"tag":111,"props":1924,"children":1926},{"clas
sName":1925,"style":1098},[1097],[1927,1939],{"type":30,"tag":111,"props":1928,"children":1929},{"style":1102},[1930,1934],{"type":30,"tag":111,"props":1931,"children":1933},{"className":1932,"style":1108},[1107],[],{"type":30,"tag":111,"props":1935,"children":1937},{"className":1936},[1045,1051],[1938],{"type":36,"value":84},{"type":30,"tag":111,"props":1940,"children":1941},{"style":1102},[1942,1946],{"type":30,"tag":111,"props":1943,"children":1945},{"className":1944,"style":1108},[1107],[],{"type":30,"tag":111,"props":1947,"children":1950},{"className":1948,"style":1949},[1125],"left:-0.25em;",[1951],{"type":30,"tag":111,"props":1952,"children":1954},{"className":1953},[1045],[1955],{"type":36,"value":1659},{"type":30,"tag":111,"props":1957,"children":1959},{"className":1958},[1045],[1960],{"type":36,"value":1664},{"type":36,"value":1962},"/semaine, marginal par rapport au coût d'un développeur. Le ROI est positif dès qu'une review IA prévient un seul bug en production.",{"type":30,"tag":638,"props":1964,"children":1965},{},[1966,1971],{"type":30,"tag":642,"props":1967,"children":1968},{},[1969],{"type":36,"value":1970},"4. Comment éviter que les développeurs seniors rejettent l'IA en code review ?",{"type":30,"tag":38,"props":1972,"children":1973},{},[1974],{"type":36,"value":1975},"En les impliquant dans la configuration. Les seniors qui configurent les règles de l'outil (quels patterns l'IA doit signaler, quels patterns ignorer) deviennent propriétaires de l'outil plutôt que sujets. Leur expertise améliore la qualité de l'IA, et leur résistance diminue quand ils voient leurs propres standards appliqués automatiquement.",{"type":30,"tag":638,"props":1977,"children":1978},{},[1979,1984],{"type":30,"tag":642,"props":1980,"children":1981},{},[1982],{"type":36,"value":1983},"5. 
L'IA en code review peut-elle nuire à l'apprentissage des développeurs juniors ?",{"type":30,"tag":38,"props":1985,"children":1986},{},[1987],{"type":36,"value":1988},"Risque réel si mal géré. Un junior qui reçoit du feedback uniquement de l'IA apprend les patterns que l'IA connaît, mais pas les jugements contextuels que les seniors auraient partagés. La règle : l'IA est le premier reviewer pour les juniors (feedback immédiat sur style et sécurité), mais la review humaine d'un senior reste obligatoire. Le senior peut commenter sur \"pourquoi cette architecture plutôt qu'une autre\", ce que l'IA ne peut pas faire.",{"type":30,"tag":638,"props":1990,"children":1991},{},[1992,1997],{"type":30,"tag":642,"props":1993,"children":1994},{},[1995],{"type":36,"value":1996},"6. Comment mesurer si l'IA améliore réellement la qualité du code sur 6 mois ?",{"type":30,"tag":38,"props":1998,"children":1999},{},[2000],{"type":36,"value":2001},"Deux métriques combinées : le bug escape rate (bugs détectés en production / bugs détectés en review) et la densité de défauts par KLOC sur le code produit depuis l'adoption. Si le bug escape rate diminue et que la densité de défauts diminue, l'IA améliore la qualité. 
Si seulement le bug escape rate diminue, l'IA détecte mieux mais ne change pas les pratiques de développement : il faut renforcer la formation.",{"type":30,"tag":58,"props":2003,"children":2004},{},[],{"type":30,"tag":307,"props":2006,"children":2011},{"cta":2007,"href":2008,"title":2009,"type":2010},"Testez la readiness IA de votre équipe →","/mes-ressources","Ressource gratuite : AI-Ready Engineering Team Checklist","resource",[2012],{"type":30,"tag":38,"props":2013,"children":2014},{},[2015],{"type":36,"value":2016},"La checklist AI-Ready inclut une section dédiée à l'adoption des outils IA en code review : critères de sélection d'outil, règles d'intégration, et métriques de suivi à 30 et 90 jours.",{"type":30,"tag":2018,"props":2019,"children":2020},"style",{},[2021],{"type":36,"value":2022},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: 
var(--shiki-dark-text-decoration);}",{"title":8,"searchDepth":124,"depth":124,"links":2024},[2025,2026,2027,2028,2029,2030,2031],{"id":64,"depth":124,"text":67},{"id":247,"depth":124,"text":250},{"id":324,"depth":124,"text":327},{"id":368,"depth":124,"text":371},{"id":530,"depth":124,"text":533},{"id":579,"depth":124,"text":582},{"id":633,"depth":124,"text":636},"markdown","content:fr:intelligence-artificielle:ia-code-review-retour-experience.md","content","fr/intelligence-artificielle/ia-code-review-retour-experience.md","fr/intelligence-artificielle/ia-code-review-retour-experience","md",{"_path":86,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":2039,"description":2040,"id":2041,"date":2042,"listed":13,"nocomments":7,"hidden":7,"categories":2043,"tags":2044,"--cover":2048,"readingTime":2049,"body":2054,"_type":2032,"_id":3060,"_source":2034,"_file":3061,"_stem":3062,"_extension":2037},"LLMs et sécurité du code : ce qu'il faut savoir","Les LLMs génèrent du code fonctionnel et vulnérable avec la même fluidité. Les vecteurs d'attaque spécifiques au code IA-assisté et les garde-fous à mettre en place.",18,"2026-02-13",[6],[2045,2046,2047,16],"LLM","Sécurité","Vulnérabilités","covers/articles/llm-securite-code.jpg",{"text":2050,"minutes":2051,"time":2052,"words":2053},"7 min read",6.94,416400,1388,{"type":27,"children":2055,"toc":3046},[2056,2061,2066,2071,2079,2105,2108,2114,2119,2124,2127,2133,2138,2394,2411,2416,2419,2425,2430,2732,2737,2742,2751,2754,2760,2765,2775,2785,2833,2838,2841,2847,2854,2864,2870,2882,2907,2913,2918,2924,2936,2942,2947,2952,2957,2960,2966,2979,2992,3005,3018,3031,3034,3042],{"type":30,"tag":31,"props":2057,"children":2059},{"id":2058},"llms-et-sécurité-du-code-ce-quil-faut-savoir",[2060],{"type":36,"value":2039},{"type":30,"tag":38,"props":2062,"children":2063},{},[2064],{"type":36,"value":2065},"J'ai passé une heure à examiner le code d'un client dans le secteur financier que j'accompagnais. 
Ils avaient adopté Copilot depuis 3 mois, sans formation sur les risques spécifiques. Dans les 200 premières lignes d'un nouveau service, j'ai trouvé deux credentials AWS hardcodées et une requête SQL construite par interpolation de chaîne. Le code compilait. Les tests passaient. La PR avait été approuvée.",{"type":30,"tag":38,"props":2067,"children":2068},{},[2069],{"type":36,"value":2070},"Ce n'était pas de la négligence. C'était de l'ignorance des patterns que les LLMs reproduisent naturellement.",{"type":30,"tag":38,"props":2072,"children":2073},{},[2074],{"type":30,"tag":52,"props":2075,"children":2076},{},[2077],{"type":36,"value":2078},"Un LLM génère du code SQL injection et du code parfaitement sécurisé avec la même confiance syntaxique. Il ne distingue pas les deux. Votre processus de review doit le faire, et en 2026, la plupart des équipes n'ont pas adapté leur review au code IA-assisté.",{"type":30,"tag":38,"props":2080,"children":2081},{},[2082,2084,2089,2091,2096,2098,2103],{"type":36,"value":2083},"Deux études publiées en 2023 ont documenté le problème. ",{"type":30,"tag":52,"props":2085,"children":2086},{},[2087],{"type":36,"value":2088},"Stanford University",{"type":36,"value":2090}," : 40% du code suggéré par Copilot dans des contextes de sécurité spécifiques contient des vulnérabilités. ",{"type":30,"tag":52,"props":2092,"children":2093},{},[2094],{"type":36,"value":2095},"NYU",{"type":36,"value":2097}," : les développeurs qui utilisent des assistants IA tendent à produire du code ",{"type":30,"tag":52,"props":2099,"children":2100},{},[2101],{"type":36,"value":2102},"moins sécurisé",{"type":36,"value":2104}," que sans assistant, parce qu'ils font plus confiance au code généré et le reviewent moins rigoureusement. 
Ce chiffre est contre-intuitif mais cohérent avec ce que j'observe sur le terrain.",{"type":30,"tag":58,"props":2106,"children":2107},{},[],{"type":30,"tag":62,"props":2109,"children":2111},{"id":2110},"pourquoi-les-llms-génèrent-du-code-vulnérable",[2112],{"type":36,"value":2113},"Pourquoi les LLMs génèrent du code vulnérable",{"type":30,"tag":38,"props":2115,"children":2116},{},[2117],{"type":36,"value":2118},"L'explication est simple mais souvent ignorée : les LLMs sont entraînés sur du code public. Le code public contient des vulnérabilités courantes. Les LLMs reproduisent les patterns du code sur lequel ils ont été entraînés.",{"type":30,"tag":38,"props":2120,"children":2121},{},[2122],{"type":36,"value":2123},"Le résultat : les patterns vulnérables les plus fréquents dans le code public (injections, secrets hardcodés, dépendances non vérifiées) sont aussi les plus fréquemment générés par les LLMs. Pas par malveillance. Par statistique.",{"type":30,"tag":58,"props":2125,"children":2126},{},[],{"type":30,"tag":62,"props":2128,"children":2130},{"id":2129},"vulnérabilité-type-1-injections-sql-prompt-command",[2131],{"type":36,"value":2132},"Vulnérabilité type 1 : Injections (SQL, prompt, command)",{"type":30,"tag":38,"props":2134,"children":2135},{},[2136],{"type":36,"value":2137},"Les LLMs génèrent facilement du code vulnérable aux injections, surtout quand le prompt ne spécifie pas explicitement l'usage de requêtes paramétrées.",{"type":30,"tag":100,"props":2139,"children":2141},{"className":102,"code":2140,"language":104,"meta":8,"style":8},"# ❌ Code généré par LLM sans précision sur la sécurité\ndef get_user(username: str):\n    query = f\"SELECT * FROM users WHERE username = '{username}'\"  # SQL injection\n    return db.execute(query)\n\n# ✅ Code correct (que le LLM génère si le prompt est précis)\ndef get_user(username: str):\n    query = \"SELECT * FROM users WHERE username = %s\"\n    return db.execute(query, 
(username,))\n",[2142],{"type":30,"tag":107,"props":2143,"children":2144},{"__ignoreMap":8},[2145,2153,2195,2236,2273,2282,2291,2323,2348],{"type":30,"tag":111,"props":2146,"children":2147},{"class":113,"line":114},[2148],{"type":30,"tag":111,"props":2149,"children":2150},{"style":118},[2151],{"type":36,"value":2152},"# ❌ Code généré par LLM sans précision sur la sécurité\n",{"type":30,"tag":111,"props":2154,"children":2155},{"class":113,"line":124},[2156,2162,2168,2173,2179,2184,2190],{"type":30,"tag":111,"props":2157,"children":2159},{"style":2158},"--shiki-default:#CA9EE6;--shiki-dark:#F97583",[2160],{"type":36,"value":2161},"def",{"type":30,"tag":111,"props":2163,"children":2165},{"style":2164},"--shiki-default:#8CAAEE;--shiki-default-font-style:italic;--shiki-dark:#B392F0;--shiki-dark-font-style:inherit",[2166],{"type":36,"value":2167}," get_user",{"type":30,"tag":111,"props":2169,"children":2171},{"style":2170},"--shiki-default:#949CBB;--shiki-dark:#E1E4E8",[2172],{"type":36,"value":1006},{"type":30,"tag":111,"props":2174,"children":2176},{"style":2175},"--shiki-default:#EA999C;--shiki-default-font-style:italic;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit",[2177],{"type":36,"value":2178},"username",{"type":30,"tag":111,"props":2180,"children":2181},{"style":2170},[2182],{"type":36,"value":2183},":",{"type":30,"tag":111,"props":2185,"children":2187},{"style":2186},"--shiki-default:#EF9F76;--shiki-default-font-style:italic;--shiki-dark:#79B8FF;--shiki-dark-font-style:inherit",[2188],{"type":36,"value":2189}," str",{"type":30,"tag":111,"props":2191,"children":2192},{"style":2170},[2193],{"type":36,"value":2194},"):\n",{"type":30,"tag":111,"props":2196,"children":2197},{"class":113,"line":178},[2198,2203,2207,2211,2216,2220,2224,2228,2232],{"type":30,"tag":111,"props":2199,"children":2200},{"style":128},[2201],{"type":36,"value":2202},"    query 
",{"type":30,"tag":111,"props":2204,"children":2205},{"style":134},[2206],{"type":36,"value":137},{"type":30,"tag":111,"props":2208,"children":2209},{"style":140},[2210],{"type":36,"value":143},{"type":30,"tag":111,"props":2212,"children":2213},{"style":146},[2214],{"type":36,"value":2215},"\"SELECT * FROM users WHERE username = '",{"type":30,"tag":111,"props":2217,"children":2218},{"style":152},[2219],{"type":36,"value":155},{"type":30,"tag":111,"props":2221,"children":2222},{"style":128},[2223],{"type":36,"value":2178},{"type":30,"tag":111,"props":2225,"children":2226},{"style":152},[2227],{"type":36,"value":165},{"type":30,"tag":111,"props":2229,"children":2230},{"style":146},[2231],{"type":36,"value":170},{"type":30,"tag":111,"props":2233,"children":2234},{"style":118},[2235],{"type":36,"value":175},{"type":30,"tag":111,"props":2237,"children":2238},{"class":113,"line":187},[2239,2244,2249,2253,2259,2263,2268],{"type":30,"tag":111,"props":2240,"children":2241},{"style":2158},[2242],{"type":36,"value":2243},"    return",{"type":30,"tag":111,"props":2245,"children":2246},{"style":128},[2247],{"type":36,"value":2248}," 
db",{"type":30,"tag":111,"props":2250,"children":2251},{"style":2170},[2252],{"type":36,"value":811},{"type":30,"tag":111,"props":2254,"children":2256},{"style":2255},"--shiki-default:#8CAAEE;--shiki-dark:#E1E4E8",[2257],{"type":36,"value":2258},"execute",{"type":30,"tag":111,"props":2260,"children":2261},{"style":2170},[2262],{"type":36,"value":1006},{"type":30,"tag":111,"props":2264,"children":2265},{"style":128},[2266],{"type":36,"value":2267},"query",{"type":30,"tag":111,"props":2269,"children":2270},{"style":2170},[2271],{"type":36,"value":2272},")\n",{"type":30,"tag":111,"props":2274,"children":2276},{"class":113,"line":2275},5,[2277],{"type":30,"tag":111,"props":2278,"children":2279},{"emptyLinePlaceholder":13},[2280],{"type":36,"value":2281},"\n",{"type":30,"tag":111,"props":2283,"children":2285},{"class":113,"line":2284},6,[2286],{"type":30,"tag":111,"props":2287,"children":2288},{"style":118},[2289],{"type":36,"value":2290},"# ✅ Code correct (que le LLM génère si le prompt est 
précis)\n",{"type":30,"tag":111,"props":2292,"children":2294},{"class":113,"line":2293},7,[2295,2299,2303,2307,2311,2315,2319],{"type":30,"tag":111,"props":2296,"children":2297},{"style":2158},[2298],{"type":36,"value":2161},{"type":30,"tag":111,"props":2300,"children":2301},{"style":2164},[2302],{"type":36,"value":2167},{"type":30,"tag":111,"props":2304,"children":2305},{"style":2170},[2306],{"type":36,"value":1006},{"type":30,"tag":111,"props":2308,"children":2309},{"style":2175},[2310],{"type":36,"value":2178},{"type":30,"tag":111,"props":2312,"children":2313},{"style":2170},[2314],{"type":36,"value":2183},{"type":30,"tag":111,"props":2316,"children":2317},{"style":2186},[2318],{"type":36,"value":2189},{"type":30,"tag":111,"props":2320,"children":2321},{"style":2170},[2322],{"type":36,"value":2194},{"type":30,"tag":111,"props":2324,"children":2326},{"class":113,"line":2325},8,[2327,2331,2335,2340,2344],{"type":30,"tag":111,"props":2328,"children":2329},{"style":128},[2330],{"type":36,"value":2202},{"type":30,"tag":111,"props":2332,"children":2333},{"style":134},[2334],{"type":36,"value":137},{"type":30,"tag":111,"props":2336,"children":2337},{"style":146},[2338],{"type":36,"value":2339}," \"SELECT * FROM users WHERE username = 
",{"type":30,"tag":111,"props":2341,"children":2342},{"style":152},[2343],{"type":36,"value":206},{"type":30,"tag":111,"props":2345,"children":2346},{"style":146},[2347],{"type":36,"value":211},{"type":30,"tag":111,"props":2349,"children":2351},{"class":113,"line":2350},9,[2352,2356,2360,2364,2368,2372,2376,2380,2385,2389],{"type":30,"tag":111,"props":2353,"children":2354},{"style":2158},[2355],{"type":36,"value":2243},{"type":30,"tag":111,"props":2357,"children":2358},{"style":128},[2359],{"type":36,"value":2248},{"type":30,"tag":111,"props":2361,"children":2362},{"style":2170},[2363],{"type":36,"value":811},{"type":30,"tag":111,"props":2365,"children":2366},{"style":2255},[2367],{"type":36,"value":2258},{"type":30,"tag":111,"props":2369,"children":2370},{"style":2170},[2371],{"type":36,"value":1006},{"type":30,"tag":111,"props":2373,"children":2374},{"style":128},[2375],{"type":36,"value":2267},{"type":30,"tag":111,"props":2377,"children":2378},{"style":2170},[2379],{"type":36,"value":1589},{"type":30,"tag":111,"props":2381,"children":2382},{"style":2170},[2383],{"type":36,"value":2384}," (",{"type":30,"tag":111,"props":2386,"children":2387},{"style":128},[2388],{"type":36,"value":2178},{"type":30,"tag":111,"props":2390,"children":2391},{"style":2170},[2392],{"type":36,"value":2393},",))\n",{"type":30,"tag":38,"props":2395,"children":2396},{},[2397,2402,2404,2409],{"type":30,"tag":52,"props":2398,"children":2399},{},[2400],{"type":36,"value":2401},"La prompt injection",{"type":36,"value":2403}," est spécifique au code qui intègre des LLMs dans des applications : si votre application passe de l'input utilisateur directement dans un prompt, un attaquant peut modifier le comportement du modèle via des instructions injectées. 
C'est une vulnérabilité nouvelle, documentée par l'",{"type":30,"tag":52,"props":2405,"children":2406},{},[2407],{"type":36,"value":2408},"OWASP Top 10 for LLM Applications",{"type":36,"value":2410}," depuis 2023.",{"type":30,"tag":38,"props":2412,"children":2413},{},[2414],{"type":36,"value":2415},"Garde-fou : lors de la review de tout code qui touche à la gestion des inputs utilisateurs, vérifier systématiquement que les requêtes sont paramétrées et que les inputs ne sont pas interpolés directement dans des strings.",{"type":30,"tag":58,"props":2417,"children":2418},{},[],{"type":30,"tag":62,"props":2420,"children":2422},{"id":2421},"vulnérabilité-type-2-gestion-des-secrets-et-credentials",[2423],{"type":36,"value":2424},"Vulnérabilité type 2 : Gestion des secrets et credentials",{"type":30,"tag":38,"props":2426,"children":2427},{},[2428],{"type":36,"value":2429},"C'est le pattern de vulnérabilité le plus fréquemment généré par les LLMs : credentials hardcodées, tokens dans les logs, secrets dans les fichiers de configuration versionnés.",{"type":30,"tag":100,"props":2431,"children":2435},{"className":2432,"code":2433,"language":2434,"meta":8,"style":8},"language-javascript shiki shiki-themes catppuccin-frappe github-dark","// ❌ Pattern fréquemment généré\nconst client = new S3Client({\n    accessKeyId: \"AKIAIOSFODNN7EXAMPLE\",      // credential hardcodée\n    secretAccessKey: \"wJalrXUtnFEMI/K7MDENG\" // credential hardcodée\n});\n\n// ❌ Pattern de logging qui expose des secrets\nconsole.log(`Connecting to DB with password: ${process.env.DB_PASSWORD}`);\n\n// ✅ Pattern correct\nconst client = new S3Client({\n    credentials: fromEnv()  // lecture depuis les variables 
d'environnement\n});\n","javascript",[2436],{"type":30,"tag":107,"props":2437,"children":2438},{"__ignoreMap":8},[2439,2447,2486,2513,2535,2551,2558,2566,2640,2647,2656,2688,2716],{"type":30,"tag":111,"props":2440,"children":2441},{"class":113,"line":114},[2442],{"type":30,"tag":111,"props":2443,"children":2444},{"style":118},[2445],{"type":36,"value":2446},"// ❌ Pattern fréquemment généré\n",{"type":30,"tag":111,"props":2448,"children":2449},{"class":113,"line":124},[2450,2455,2461,2466,2472,2477,2481],{"type":30,"tag":111,"props":2451,"children":2452},{"style":2158},[2453],{"type":36,"value":2454},"const",{"type":30,"tag":111,"props":2456,"children":2458},{"style":2457},"--shiki-default:#C6D0F5;--shiki-dark:#79B8FF",[2459],{"type":36,"value":2460}," client",{"type":30,"tag":111,"props":2462,"children":2463},{"style":134},[2464],{"type":36,"value":2465}," =",{"type":30,"tag":111,"props":2467,"children":2469},{"style":2468},"--shiki-default:#CA9EE6;--shiki-default-font-weight:bold;--shiki-dark:#F97583;--shiki-dark-font-weight:inherit",[2470],{"type":36,"value":2471}," new",{"type":30,"tag":111,"props":2473,"children":2474},{"style":2164},[2475],{"type":36,"value":2476}," S3Client",{"type":30,"tag":111,"props":2478,"children":2479},{"style":128},[2480],{"type":36,"value":1006},{"type":30,"tag":111,"props":2482,"children":2483},{"style":2170},[2484],{"type":36,"value":2485},"{\n",{"type":30,"tag":111,"props":2487,"children":2488},{"class":113,"line":178},[2489,2494,2499,2504,2508],{"type":30,"tag":111,"props":2490,"children":2491},{"style":128},[2492],{"type":36,"value":2493},"    accessKeyId",{"type":30,"tag":111,"props":2495,"children":2497},{"style":2496},"--shiki-default:#81C8BE;--shiki-dark:#E1E4E8",[2498],{"type":36,"value":2183},{"type":30,"tag":111,"props":2500,"children":2501},{"style":146},[2502],{"type":36,"value":2503}," 
\"AKIAIOSFODNN7EXAMPLE\"",{"type":30,"tag":111,"props":2505,"children":2506},{"style":2170},[2507],{"type":36,"value":1589},{"type":30,"tag":111,"props":2509,"children":2510},{"style":118},[2511],{"type":36,"value":2512},"      // credential hardcodée\n",{"type":30,"tag":111,"props":2514,"children":2515},{"class":113,"line":187},[2516,2521,2525,2530],{"type":30,"tag":111,"props":2517,"children":2518},{"style":128},[2519],{"type":36,"value":2520},"    secretAccessKey",{"type":30,"tag":111,"props":2522,"children":2523},{"style":2496},[2524],{"type":36,"value":2183},{"type":30,"tag":111,"props":2526,"children":2527},{"style":146},[2528],{"type":36,"value":2529}," \"wJalrXUtnFEMI/K7MDENG\"",{"type":30,"tag":111,"props":2531,"children":2532},{"style":118},[2533],{"type":36,"value":2534}," // credential hardcodée\n",{"type":30,"tag":111,"props":2536,"children":2537},{"class":113,"line":2275},[2538,2542,2546],{"type":30,"tag":111,"props":2539,"children":2540},{"style":2170},[2541],{"type":36,"value":165},{"type":30,"tag":111,"props":2543,"children":2544},{"style":128},[2545],{"type":36,"value":806},{"type":30,"tag":111,"props":2547,"children":2548},{"style":2170},[2549],{"type":36,"value":2550},";\n",{"type":30,"tag":111,"props":2552,"children":2553},{"class":113,"line":2284},[2554],{"type":30,"tag":111,"props":2555,"children":2556},{"emptyLinePlaceholder":13},[2557],{"type":36,"value":2281},{"type":30,"tag":111,"props":2559,"children":2560},{"class":113,"line":2293},[2561],{"type":30,"tag":111,"props":2562,"children":2563},{"style":118},[2564],{"type":36,"value":2565},"// ❌ Pattern de logging qui expose des 
secrets\n",{"type":30,"tag":111,"props":2567,"children":2568},{"class":113,"line":2325},[2569,2574,2578,2583,2587,2592,2598,2603,2608,2613,2617,2623,2627,2632,2636],{"type":30,"tag":111,"props":2570,"children":2571},{"style":128},[2572],{"type":36,"value":2573},"console",{"type":30,"tag":111,"props":2575,"children":2576},{"style":2496},[2577],{"type":36,"value":811},{"type":30,"tag":111,"props":2579,"children":2580},{"style":2164},[2581],{"type":36,"value":2582},"log",{"type":30,"tag":111,"props":2584,"children":2585},{"style":128},[2586],{"type":36,"value":1006},{"type":30,"tag":111,"props":2588,"children":2589},{"style":146},[2590],{"type":36,"value":2591},"`Connecting to DB with password: ",{"type":30,"tag":111,"props":2593,"children":2595},{"style":2594},"--shiki-default:#949CBB;--shiki-dark:#9ECBFF",[2596],{"type":36,"value":2597},"${",{"type":30,"tag":111,"props":2599,"children":2600},{"style":128},[2601],{"type":36,"value":2602},"process",{"type":30,"tag":111,"props":2604,"children":2606},{"style":2605},"--shiki-default:#81C8BE;--shiki-dark:#9ECBFF",[2607],{"type":36,"value":811},{"type":30,"tag":111,"props":2609,"children":2610},{"style":128},[2611],{"type":36,"value":2612},"env",{"type":30,"tag":111,"props":2614,"children":2615},{"style":2605},[2616],{"type":36,"value":811},{"type":30,"tag":111,"props":2618,"children":2620},{"style":2619},"--shiki-default:#EF9F76;--shiki-dark:#79B8FF",[2621],{"type":36,"value":2622},"DB_PASSWORD",{"type":30,"tag":111,"props":2624,"children":2625},{"style":2594},[2626],{"type":36,"value":165},{"type":30,"tag":111,"props":2628,"children":2629},{"style":146},[2630],{"type":36,"value":2631},"`",{"type":30,"tag":111,"props":2633,"children":2634},{"style":128},[2635],{"type":36,"value":806},{"type":30,"tag":111,"props":2637,"children":2638},{"style":2170},[2639],{"type":36,"value":2550},{"type":30,"tag":111,"props":2641,"children":2642},{"class":113,"line":2350},[2643],{"type":30,"tag":111,"props":2644,"children":2645},{"emptyLin
ePlaceholder":13},[2646],{"type":36,"value":2281},{"type":30,"tag":111,"props":2648,"children":2650},{"class":113,"line":2649},10,[2651],{"type":30,"tag":111,"props":2652,"children":2653},{"style":118},[2654],{"type":36,"value":2655},"// ✅ Pattern correct\n",{"type":30,"tag":111,"props":2657,"children":2659},{"class":113,"line":2658},11,[2660,2664,2668,2672,2676,2680,2684],{"type":30,"tag":111,"props":2661,"children":2662},{"style":2158},[2663],{"type":36,"value":2454},{"type":30,"tag":111,"props":2665,"children":2666},{"style":2457},[2667],{"type":36,"value":2460},{"type":30,"tag":111,"props":2669,"children":2670},{"style":134},[2671],{"type":36,"value":2465},{"type":30,"tag":111,"props":2673,"children":2674},{"style":2468},[2675],{"type":36,"value":2471},{"type":30,"tag":111,"props":2677,"children":2678},{"style":2164},[2679],{"type":36,"value":2476},{"type":30,"tag":111,"props":2681,"children":2682},{"style":128},[2683],{"type":36,"value":1006},{"type":30,"tag":111,"props":2685,"children":2686},{"style":2170},[2687],{"type":36,"value":2485},{"type":30,"tag":111,"props":2689,"children":2691},{"class":113,"line":2690},12,[2692,2697,2701,2706,2711],{"type":30,"tag":111,"props":2693,"children":2694},{"style":128},[2695],{"type":36,"value":2696},"    credentials",{"type":30,"tag":111,"props":2698,"children":2699},{"style":2496},[2700],{"type":36,"value":2183},{"type":30,"tag":111,"props":2702,"children":2703},{"style":2164},[2704],{"type":36,"value":2705}," fromEnv",{"type":30,"tag":111,"props":2707,"children":2708},{"style":128},[2709],{"type":36,"value":2710},"()  ",{"type":30,"tag":111,"props":2712,"children":2713},{"style":118},[2714],{"type":36,"value":2715},"// lecture depuis les variables 
d'environnement\n",{"type":30,"tag":111,"props":2717,"children":2719},{"class":113,"line":2718},13,[2720,2724,2728],{"type":30,"tag":111,"props":2721,"children":2722},{"style":2170},[2723],{"type":36,"value":165},{"type":30,"tag":111,"props":2725,"children":2726},{"style":128},[2727],{"type":36,"value":806},{"type":30,"tag":111,"props":2729,"children":2730},{"style":2170},[2731],{"type":36,"value":2550},{"type":30,"tag":38,"props":2733,"children":2734},{},[2735],{"type":36,"value":2736},"La raison : les LLMs ont été entraînés sur du code d'exemple qui contient fréquemment des credentials \"de test\" hardcodées. Ils reproduisent ce pattern naturellement.",{"type":30,"tag":38,"props":2738,"children":2739},{},[2740],{"type":36,"value":2741},"Garde-fou : outil SAST (Semgrep, GitHub Secret Scanning, Gitleaks) dans la CI qui détecte les patterns de credentials hardcodées avant le merge. Ce check doit être bloquant.",{"type":30,"tag":307,"props":2743,"children":2745},{"cta":309,"href":310,"title":2744,"type":312},"Votre équipe utilise des assistants IA mais votre processus de review n'a pas été adapté aux risques spécifiques ?",[2746],{"type":30,"tag":38,"props":2747,"children":2748},{},[2749],{"type":36,"value":2750},"Vous savez que le code IA-assisté comporte des risques spécifiques, mais vous n'avez pas encore adapté vos pratiques de review et votre outillage de sécurité. 
En 30 minutes, on définit les priorités et le plan d'action adapté à votre contexte et vos contraintes réglementaires.",{"type":30,"tag":58,"props":2752,"children":2753},{},[],{"type":30,"tag":62,"props":2755,"children":2757},{"id":2756},"vulnérabilité-type-3-dépendances-obsolètes-ou-hallucinations",[2758],{"type":36,"value":2759},"Vulnérabilité type 3 : Dépendances obsolètes ou hallucinations",{"type":30,"tag":38,"props":2761,"children":2762},{},[2763],{"type":36,"value":2764},"Quand un LLM génère du code qui importe des librairies externes, deux risques spécifiques apparaissent :",{"type":30,"tag":38,"props":2766,"children":2767},{},[2768,2773],{"type":30,"tag":52,"props":2769,"children":2770},{},[2771],{"type":36,"value":2772},"Dépendances avec CVE connus :",{"type":36,"value":2774}," le LLM suggère une version d'une librairie qui avait des vulnérabilités connues au moment de son entraînement, et qui ont pu être corrigées depuis, mais la version vulnérable reste dans le code généré.",{"type":30,"tag":38,"props":2776,"children":2777},{},[2778,2783],{"type":30,"tag":52,"props":2779,"children":2780},{},[2781],{"type":36,"value":2782},"Package hallucination :",{"type":36,"value":2784}," les LLMs peuvent inventer des noms de packages plausibles qui n'existent pas (ou qui existent sous un nom de typosquat malveillant). 
C'est le vecteur de l'attaque \"dependency confusion\", documentée par de nombreux chercheurs en sécurité depuis 2021.",{"type":30,"tag":100,"props":2786,"children":2790},{"className":2787,"code":2788,"language":2789,"meta":8,"style":8},"language-bash shiki shiki-themes catppuccin-frappe github-dark","# LLM suggère d'importer \"utility-helper-crypto\" — package qui n'existe pas\n# Un attaquant peut publier ce package sur npm avec du code malveillant\nnpm install utility-helper-crypto  # ❌ vérifier l'existence avant d'installer\n","bash",[2791],{"type":30,"tag":107,"props":2792,"children":2793},{"__ignoreMap":8},[2794,2802,2810],{"type":30,"tag":111,"props":2795,"children":2796},{"class":113,"line":114},[2797],{"type":30,"tag":111,"props":2798,"children":2799},{"style":118},[2800],{"type":36,"value":2801},"# LLM suggère d'importer \"utility-helper-crypto\" — package qui n'existe pas\n",{"type":30,"tag":111,"props":2803,"children":2804},{"class":113,"line":124},[2805],{"type":30,"tag":111,"props":2806,"children":2807},{"style":118},[2808],{"type":36,"value":2809},"# Un attaquant peut publier ce package sur npm avec du code malveillant\n",{"type":30,"tag":111,"props":2811,"children":2812},{"class":113,"line":178},[2813,2818,2823,2828],{"type":30,"tag":111,"props":2814,"children":2815},{"style":2164},[2816],{"type":36,"value":2817},"npm",{"type":30,"tag":111,"props":2819,"children":2820},{"style":146},[2821],{"type":36,"value":2822}," install",{"type":30,"tag":111,"props":2824,"children":2825},{"style":146},[2826],{"type":36,"value":2827}," utility-helper-crypto",{"type":30,"tag":111,"props":2829,"children":2830},{"style":118},[2831],{"type":36,"value":2832},"  # ❌ vérifier l'existence avant d'installer\n",{"type":30,"tag":38,"props":2834,"children":2835},{},[2836],{"type":36,"value":2837},"Garde-fou : ne jamais installer un package suggéré par un LLM sans vérifier son existence sur le registre officiel et son score de sécurité (npm audit, Snyk, 
Socket.dev).",{"type":30,"tag":58,"props":2839,"children":2840},{},[],{"type":30,"tag":62,"props":2842,"children":2844},{"id":2843},"les-5-garde-fous-à-mettre-en-place",[2845],{"type":36,"value":2846},"Les 5 garde-fous à mettre en place",{"type":30,"tag":2848,"props":2849,"children":2851},"h3",{"id":2850},"garde-fou-1-sast-dans-la-ci",[2852],{"type":36,"value":2853},"Garde-fou 1 : SAST dans la CI",{"type":30,"tag":38,"props":2855,"children":2856},{},[2857,2862],{"type":30,"tag":84,"props":2858,"children":2859},{"href":654},[2860],{"type":36,"value":2861},"SonarQube, Semgrep, ou GitHub Advanced Security",{"type":36,"value":2863}," détectent les patterns de vulnérabilités courants indépendamment de l'origine du code, qu'il soit humain ou IA. Ce check doit être bloquant sur les vulnérabilités Critical et High.",{"type":30,"tag":2848,"props":2865,"children":2867},{"id":2866},"garde-fou-2-checklist-de-review-spécifique-au-code-ia",[2868],{"type":36,"value":2869},"Garde-fou 2 : Checklist de review spécifique au code IA",{"type":30,"tag":38,"props":2871,"children":2872},{},[2873,2875,2880],{"type":36,"value":2874},"Au-delà de la review standard, les reviewers vérifient explicitement pour le code IA-assisté (voir la ",{"type":30,"tag":84,"props":2876,"children":2877},{"href":400},[2878],{"type":36,"value":2879},"checklist complète en 12 points",{"type":36,"value":2881},") :",{"type":30,"tag":2883,"props":2884,"children":2885},"ul",{},[2886,2892,2897,2902],{"type":30,"tag":2887,"props":2888,"children":2889},"li",{},[2890],{"type":36,"value":2891},"Aucune credential hardcodée",{"type":30,"tag":2887,"props":2893,"children":2894},{},[2895],{"type":36,"value":2896},"Toutes les requêtes DB sont paramétrées",{"type":30,"tag":2887,"props":2898,"children":2899},{},[2900],{"type":36,"value":2901},"Les dépendances importées ont été vérifiées",{"type":30,"tag":2887,"props":2903,"children":2904},{},[2905],{"type":36,"value":2906},"Les inputs utilisateurs sont validés et 
sanitisés",{"type":30,"tag":2848,"props":2908,"children":2910},{"id":2909},"garde-fou-3-politique-de-prompt",[2911],{"type":36,"value":2912},"Garde-fou 3 : Politique de prompt",{"type":30,"tag":38,"props":2914,"children":2915},{},[2916],{"type":36,"value":2917},"Documentez quelles données peuvent et ne peuvent pas être incluses dans les prompts envoyés à des services IA externes : pas de données personnelles, pas de données clients, pas de credentials, pas de secrets d'infrastructure.",{"type":30,"tag":2848,"props":2919,"children":2921},{"id":2920},"garde-fou-4-formation-des-développeurs",[2922],{"type":36,"value":2923},"Garde-fou 4 : Formation des développeurs",{"type":30,"tag":38,"props":2925,"children":2926},{},[2927,2929,2934],{"type":36,"value":2928},"Une session de 2 heures sur les patterns de vulnérabilités spécifiques au code LLM-généré suffit à doubler la détection lors des reviews. Découvrez comment ",{"type":30,"tag":84,"props":2930,"children":2931},{"href":5},[2932],{"type":36,"value":2933},"intégrer l'IA dans votre code review",{"type":36,"value":2935}," tout en renforçant la sécurité. Les développeurs qui connaissent les patterns les cherchent. Ceux qui ne les connaissent pas ne les voient pas. C'est aussi simple que ça.",{"type":30,"tag":2848,"props":2937,"children":2939},{"id":2938},"garde-fou-5-audit-trimestriel-du-code-ia-assisté",[2940],{"type":36,"value":2941},"Garde-fou 5 : Audit trimestriel du code IA-assisté",{"type":30,"tag":38,"props":2943,"children":2944},{},[2945],{"type":36,"value":2946},"Auditer trimestriellement un échantillon du code développé avec assistance IA pour identifier des patterns systémiques de vulnérabilité. 
C'est une pratique préventive, pas réactive.",{"type":30,"tag":38,"props":2948,"children":2949},{},[2950],{"type":36,"value":2951},"Dans ce même client (18 développeurs), l'introduction de GitHub Advanced Security + une checklist de review spécifique au code IA a détecté en 3 mois 12 instances de secrets hardcodés et 8 vulnérabilités d'injection qui auraient atteint la production. Coût de l'implémentation : 5 jours. Coût évité (estimation conservatrice basée sur le coût moyen d'un incident de sécurité dans le secteur financier) : plus de 500 000€.",{"type":30,"tag":38,"props":2953,"children":2954},{},[2955],{"type":36,"value":2956},"L'IA accélère la production. Elle ne remplace pas le jugement de sécurité.",{"type":30,"tag":58,"props":2958,"children":2959},{},[],{"type":30,"tag":62,"props":2961,"children":2963},{"id":2962},"faq-sur-la-sécurité-du-code-llm",[2964],{"type":36,"value":2965},"FAQ sur la sécurité du code LLM",{"type":30,"tag":638,"props":2967,"children":2968},{},[2969,2974],{"type":30,"tag":642,"props":2970,"children":2971},{},[2972],{"type":36,"value":2973},"1. Les LLMs vont-ils s'améliorer sur la sécurité du code au fil du temps ?",{"type":30,"tag":38,"props":2975,"children":2976},{},[2977],{"type":36,"value":2978},"Oui, progressivement. Les LLMs récents sont significativement meilleurs que leurs prédécesseurs sur les patterns de sécurité de base. Mais ils continuent à faire des erreurs sur les vulnérabilités contextuelles, celles qui dépendent de la logique métier spécifique de votre application. Ces erreurs-là ne pourront pas être éliminées par l'amélioration des modèles seule.",{"type":30,"tag":638,"props":2980,"children":2981},{},[2982,2987],{"type":30,"tag":642,"props":2983,"children":2984},{},[2985],{"type":36,"value":2986},"2. 
Les outils SAST détectent-ils les vulnérabilités spécifiques au code IA-généré ?",{"type":30,"tag":38,"props":2988,"children":2989},{},[2990],{"type":36,"value":2991},"Les SAST détectent les patterns de vulnérabilités connus indépendamment de l'origine du code. Ils sont efficaces sur les injections, les hardcoded secrets, et les dépendances vulnérables. Ils ne détectent pas les vulnérabilités logiques, c'est-à-dire le code qui fait quelque chose de sécuritairement incorrect mais syntaxiquement valide. Pour celles-là, la review humaine reste indispensable.",{"type":30,"tag":638,"props":2993,"children":2994},{},[2995,3000],{"type":30,"tag":642,"props":2996,"children":2997},{},[2998],{"type":36,"value":2999},"3. Faut-il une politique différente pour Copilot vs Claude vs ChatGPT ?",{"type":30,"tag":38,"props":3001,"children":3002},{},[3003],{"type":36,"value":3004},"La politique doit être basée sur les données traitées et les clauses contractuelles, pas sur l'outil spécifique. Questions à évaluer pour chaque outil : les prompts sont-ils utilisés pour l'entraînement ? Le fournisseur propose-t-il un DPA compatible RGPD ? Les données sont-elles hébergées en EU si requis ? Les réponses varient par outil et par offre : Consumer, Enterprise ou API.",{"type":30,"tag":638,"props":3006,"children":3007},{},[3008,3013],{"type":30,"tag":642,"props":3009,"children":3010},{},[3011],{"type":36,"value":3012},"4. Comment former rapidement une équipe aux vulnérabilités du code LLM-généré ?",{"type":30,"tag":38,"props":3014,"children":3015},{},[3016],{"type":36,"value":3017},"La méthode la plus efficace : présenter des exemples réels de code vulnérable généré par LLM et demander à l'équipe de trouver les problèmes. Cette approche en \"capture the flag\" crée une mémoire musculaire plus durable que des slides. 
2 heures de session avec 10 à 15 exemples réels suffisent à développer les réflexes de base.",{"type":30,"tag":638,"props":3019,"children":3020},{},[3021,3026],{"type":30,"tag":642,"props":3022,"children":3023},{},[3024],{"type":36,"value":3025},"5. Les startups sans RSSI dédié peuvent-elles gérer ces risques seules ?",{"type":30,"tag":38,"props":3027,"children":3028},{},[3029],{"type":36,"value":3030},"Oui, avec 3 garde-fous prioritaires : GitHub Secret Scanning (activé gratuitement sur les repos GitHub, détecte les credentials avant le push), une règle de review PR obligatoire qui checke les injections et les hardcoded secrets, et une politique simple : \"aucune donnée client ou credential dans les prompts\". Ces trois mesures couvrent 80% des risques avec 20% de l'effort.",{"type":30,"tag":58,"props":3032,"children":3033},{},[],{"type":30,"tag":307,"props":3035,"children":3036},{"cta":2007,"href":2008,"title":2009,"type":2010},[3037],{"type":30,"tag":38,"props":3038,"children":3039},{},[3040],{"type":36,"value":3041},"La checklist AI-Ready inclut une section dédiée à la sécurité du code IA-assisté : critères de gouvernance, checklist de review spécifique, et politiques d'usage recommandées. 
Adaptable à votre contexte réglementaire.",{"type":30,"tag":2018,"props":3043,"children":3044},{},[3045],{"type":36,"value":2022},{"title":8,"searchDepth":124,"depth":124,"links":3047},[3048,3049,3050,3051,3052,3059],{"id":2110,"depth":124,"text":2113},{"id":2129,"depth":124,"text":2132},{"id":2421,"depth":124,"text":2424},{"id":2756,"depth":124,"text":2759},{"id":2843,"depth":124,"text":2846,"children":3053},[3054,3055,3056,3057,3058],{"id":2850,"depth":178,"text":2853},{"id":2866,"depth":178,"text":2869},{"id":2909,"depth":178,"text":2912},{"id":2920,"depth":178,"text":2923},{"id":2938,"depth":178,"text":2941},{"id":2962,"depth":124,"text":2965},"content:fr:intelligence-artificielle:llm-securite-code-vulnerabilites.md","fr/intelligence-artificielle/llm-securite-code-vulnerabilites.md","fr/intelligence-artificielle/llm-securite-code-vulnerabilites",1775679784498]