Abstract: A system includes a computing server having a processor and memory. The memory stores code including instructions. The instructions, when executed by the system, cause the system to perform steps including receiving a query from a user device, converting the query into a predicate expression data instance, generating an iteration tree based on the predicate expression data instance, determining search data based on the generated iteration tree, accessing a set of index entries of the key-value store, and searching the set of index entries based on the search data. A graphical user interface is in communication with the computing server and configured to display an indicator associated with the results of the search.

Abstract: A method for assessing vulnerable flows in a cloud-native application, the method including the steps of: mapping runtime functions in microservices in the cloud-native application; mapping the application cloud-native stack infrastructure configurations; mapping logical flows between microservices and third-party components in the cloud-native application; creating and executing security tests on the mapped logical flows, infrastructure configurations and runtime functions to return tested runtime behavior; and analyzing the tested runtime behavior of the cloud native application to validate the potential vulnerable logical flows so as to return validated vulnerable flows.

Abstract: Embodiments described herein are directed to determining whether an application executing on a compute instance has been corrupted or compromised by malicious code. This may achieved by statically analyzing an image file from which the application is based to determine characteristics thereof. Such characteristics are representative of the behavior that is expected to be performed by the application during execution. During execution of the application, runtime characteristics of the application are determined, which are determined based on an analysis of the address space in memory allocated for a computing process of the application. The statically-determined characteristics are compared to the determined runtime characteristics to determine discrepancies therebetween. In the event that a discrepancy is found, a determination is made that the application has been compromised or corrupted and an appropriate remedial action is automatically performed.

Abstract: Resources, like source code, can be stored in a repository and managed through a resource repository system. The resource repository system includes a processor and a memory for storing a plurality of data structures, each data structure comprising a current version of a corresponding resource and at least one past version of the corresponding resource. The processor is communicatively coupled to the memory and configured to: request a transaction on a resource of a repository; create a snapshot of the repository; perform reads and/or writes of the transaction against the snapshot; evaluate potential conflicts between concurrently committed transactions; if no conflict is found, commit the transaction by persisting it to a write-ahead log; and update the repository based on the write-ahead log.

Abstract: A method or system for testing and benchmarking commits made on source code. The system extracts commits from a history of a first code history that records a sequence of commits made thereon. The extracted commits are then combined into a sequence of patches, each of which includes changes made during consecutive commits. The system also establishes a connection with a system under test (SUT) having a second code repository corresponding to a historical version of the first code repository before the extracted commits were made, and sequentially applies the sequence of the patches to the second code repository. Performance of the SUT is monitored during the application of the sequence of the patches to determine whether the SUT performs as expected after the application of each patch.

Abstract: A system or a method for analyzing a software project for vulnerabilities. The system extracts scopes of source code, each of which is a source code block that contains a definition of an entity. The system also receives a vulnerability report relating to the source code. The vulnerability report identifies a vulnerability at a line of the source code. The system identifies a subset of the scopes of source code that contains the line of source code where the vulnerability is identified. The system identifies, based on smatch values, a minimum scope among the subset of the scopes that contains the line of source code where the vulnerability is identified, and generates a scoped vulnerability report recording the minimum scope and the vulnerability.

Abstract: Source code is managed through a source code management system and one or more static application security testing scanners check the source-code for vulnerabilities. The scanners generate vulnerability reports that are processed by a vulnerability tracker. The vulnerability tracker computes the scopes of identified vulnerabilities from the source-code and generates scope and offset fingerprints (e.g., hashes that uniquely identify vulnerabilities based on their surrounding scope). The fingerprints used for deduplication and vulnerability tracking. The vulnerability tracker may generate a refined vulnerability report that includes a set of deduplicated vulnerabilities with the corresponding fingerprints. The refined vulnerability report and related data may be stored in a vulnerability database for use in vulnerability management.