Abstract: A method or system for testing and benchmarking commits made on source code. The system extracts commits from a history of a first code history that records a sequence of commits made thereon. The extracted commits are then combined into a sequence of patches, each of which includes changes made during consecutive commits. The system also establishes a connection with a system under test (SUT) having a second code repository corresponding to a historical version of the first code repository before the extracted commits were made, and sequentially applies the sequence of the patches to the second code repository. Performance of the SUT is monitored during the application of the sequence of the patches to determine whether the SUT performs as expected after the application of each patch.

Abstract: A system or a method for analyzing a software project for vulnerabilities. The system extracts scopes of source code, each of which is a source code block that contains a definition of an entity. The system also receives a vulnerability report relating to the source code. The vulnerability report identifies a vulnerability at a line of the source code. The system identifies a subset of the scopes of source code that contains the line of source code where the vulnerability is identified. The system identifies, based on smatch values, a minimum scope among the subset of the scopes that contains the line of source code where the vulnerability is identified, and generates a scoped vulnerability report recording the minimum scope and the vulnerability.

Abstract: Source code is managed through a source code management system and one or more static application security testing scanners check the source-code for vulnerabilities. The scanners generate vulnerability reports that are processed by a vulnerability tracker. The vulnerability tracker computes the scopes of identified vulnerabilities from the source-code and generates scope and offset fingerprints (e.g., hashes that uniquely identify vulnerabilities based on their surrounding scope). The fingerprints used for deduplication and vulnerability tracking. The vulnerability tracker may generate a refined vulnerability report that includes a set of deduplicated vulnerabilities with the corresponding fingerprints. The refined vulnerability report and related data may be stored in a vulnerability database for use in vulnerability management.