Abstract: In one aspect, a system that provides a context-aware code security solution within a continuous integration and continuous deployment (CI/CD) pipeline is disclosed. During operation, the system can receive a set of security vulnerabilities generated by a set of security tools incorporated with the CI/CD pipeline. The system further receives contextual data associated with the set of security vulnerabilities from a set of DevOps tools used by the CI/CD pipeline. Next, the system augments the set of security vulnerabilities with the received contextual data. The system next prioritizes the augmented security vulnerabilities to identify a subset of high-priority vulnerabilities within the set of security vulnerabilities. The system subsequently notifies the owners of the identified subset of high-priority vulnerabilities to cause the subset of high-priority vulnerabilities to be fixed by the owners.
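The pipeline described in this abstract (receive findings, augment with DevOps context, prioritize, notify owners) is easier to reason about in code. The following is an added illustration, not Tromzo's implementation or any code from the patent: the finding and context records, their field names, the scoring weights and the threshold are all constructed assumptions for this example.

```python
from typing import Dict, List

# Constructed sample findings as two security tools (a SAST scanner and a
# dependency scanner) might emit them into the pipeline. Field names are
# assumptions for this example, not any real tool's schema.
FINDINGS: List[Dict] = [
    {"id": "F1", "tool": "sast", "repo": "payments-api", "file": "src/db.py",
     "rule": "sql-injection", "severity": "high"},
    {"id": "F2", "tool": "sca", "repo": "payments-api", "file": "requirements.txt",
     "rule": "vulnerable-dependency", "severity": "medium"},
    {"id": "F3", "tool": "sast", "repo": "internal-docs", "file": "build.py",
     "rule": "hardcoded-secret", "severity": "high"},
    {"id": "F4", "tool": "sast", "repo": "unknown-repo", "file": "a.py",
     "rule": "xss", "severity": "low"},
]

# Constructed context as it might be pulled from DevOps tools (SCM ownership,
# deployment records, a data inventory). Keyed by repository name.
CONTEXT: Dict[str, Dict] = {
    "payments-api": {"owner": "team-payments", "internet_facing": True,
                     "deployed_to_prod": True, "handles_pii": True},
    "internal-docs": {"owner": "team-docs", "internet_facing": False,
                      "deployed_to_prod": False, "handles_pii": False},
}

# Base weight per scanner severity; context adds on top of this.
SEVERITY_BASE = {"critical": 8, "high": 6, "medium": 4, "low": 2}


def augment(findings: List[Dict], context: Dict[str, Dict]) -> List[Dict]:
    """Attach repository context to each finding.

    A repo with no context record is not dropped: it gets conservative
    defaults, an 'unknown' owner and a context_missing flag for triage.
    """
    unknown = {"owner": "unknown", "internet_facing": False,
               "deployed_to_prod": False, "handles_pii": False,
               "context_missing": True}
    return [{**f, "context": context.get(f["repo"], unknown)} for f in findings]


def score(finding: Dict) -> int:
    """Severity plus exposure: the same rule scores higher in an
    internet-facing, production, PII-handling repository."""
    s = SEVERITY_BASE.get(finding["severity"], 0)
    ctx = finding["context"]
    if ctx["internet_facing"]:
        s += 3
    if ctx["deployed_to_prod"]:
        s += 2
    if ctx["handles_pii"]:
        s += 2
    if ctx.get("context_missing"):
        s += 1  # unknown exposure is nudged up rather than silently ignored
    return s


def prioritize(augmented: List[Dict], threshold: int = 9) -> List[Dict]:
    """Rank augmented findings and keep the subset at or above threshold."""
    ranked = sorted(augmented, key=score, reverse=True)
    for f in ranked:
        f["score"] = score(f)
    return [f for f in ranked if f["score"] >= threshold]


def notifications(high_priority: List[Dict]) -> Dict[str, List[str]]:
    """Group the high-priority subset by owner, one notification per team."""
    by_owner: Dict[str, List[str]] = {}
    for f in high_priority:
        by_owner.setdefault(f["context"]["owner"], []).append(f["id"])
    return by_owner


if __name__ == "__main__":
    high = prioritize(augment(FINDINGS, CONTEXT))
    for owner, ids in notifications(high).items():
        print(f"notify {owner}: {ids}")
```

With these constructed weights, the medium-severity dependency finding in the exposed payments repository outranks the high-severity hardcoded secret in an internal, undeployed repository, which is the effect context augmentation is meant to produce; the weights and threshold are the knobs an organisation would tune.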
Abstract: A system for facilitating the identification of sensitive data access based on source-code analysis is provided. During operation, the system can determine whether a repository in a source-code management platform is pertinent to security. If the repository is pertinent to security, the system can determine whether a respective source code file in the repository is pertinent to security. If the source code file is pertinent to security, the system can determine a set of symbols from the source code file and determine, based on the set of symbols, whether the source code file accesses sensitive data. If the source code file accesses sensitive data, the system can present information associated with the source code file in a user interface.
Type: Application
Filed: November 15, 2024
Publication date: May 22, 2025
Applicant: Tromzo, Inc.
Inventors: Eric Sheridan, Harshit Naresh Chitalia, Harshil Parikh
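The second abstract above describes a three-level filter (repository, file, symbols) ending in a sensitive-data decision. The following is an added example of that shape written for Python source, not Tromzo's implementation or code from the patent: the repository metadata fields, the skipped directories, the indicator list and the sample files are all constructed assumptions, and the symbol extraction uses the standard library `ast` module.

```python
import ast
import re
from typing import Dict, List, Set

# Constructed indicator list. A real deployment would curate these per
# organisation (column names, table names, field names of PII records).
SENSITIVE_SYMBOLS: Set[str] = {
    "ssn", "social_security_number", "credit_card", "card_number",
    "password_hash", "date_of_birth", "users_pii",
}
PERTINENT_EXTENSIONS = (".py",)
SKIP_DIRS = ("tests/", "vendor/", "docs/")


def repo_is_pertinent(repo: Dict) -> bool:
    """Repository-level filter on constructed metadata: only active Python
    repositories are analysed here."""
    return repo["language"] == "python" and not repo["archived"]


def file_is_pertinent(path: str) -> bool:
    """File-level filter: source files outside test, vendored and doc trees."""
    return path.endswith(PERTINENT_EXTENSIONS) and not path.startswith(SKIP_DIRS)


def extract_symbols(source: str) -> Set[str]:
    """Collect identifiers, attribute names, parameters, definitions and the
    words inside string constants (so column and table names inside SQL
    strings are seen), lower-cased for style-independent matching."""
    symbols: Set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Name):
            symbols.add(node.id.lower())
        elif isinstance(node, ast.Attribute):
            symbols.add(node.attr.lower())
        elif isinstance(node, ast.arg):
            symbols.add(node.arg.lower())
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            symbols.add(node.name.lower())
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            symbols.update(re.findall(r"[a-z_]+", node.value.lower()))
    return symbols


def sensitive_matches(symbols: Set[str]) -> List[str]:
    """Symbols that name sensitive data, sorted for stable reporting."""
    return sorted(symbols & SENSITIVE_SYMBOLS)


def analyse_repo(repo: Dict, files: Dict[str, str]) -> List[Dict]:
    """Apply the repo, file and symbol filters and return what a UI would show."""
    if not repo_is_pertinent(repo):
        return []
    report = []
    for path, src in files.items():
        if not file_is_pertinent(path):
            continue
        hits = sensitive_matches(extract_symbols(src))
        if hits:
            report.append({"repo": repo["name"], "file": path,
                           "sensitive_symbols": hits})
    return report


# Constructed repository and file contents for the example.
REPO = {"name": "billing-service", "language": "python", "archived": False}
FILES = {
    "app/users.py": (
        "def lookup(db, user_id):\n"
        "    row = db.query(\"SELECT ssn, date_of_birth FROM users_pii WHERE id=?\", user_id)\n"
        "    return row.ssn\n"
    ),
    "app/health.py": "def ping():\n    return {\"status\": \"ok\"}\n",
    "tests/test_users.py": "ssn = \"000-00-0000\"\n",
}

if __name__ == "__main__":
    for entry in analyse_repo(REPO, FILES):
        print(f"{entry['repo']}/{entry['file']}: {entry['sensitive_symbols']}")
```

The test fixture with a literal `ssn` assignment is excluded by the file-level filter rather than by the symbol check, which is the point of filtering before symbol extraction: it keeps noise out of the report without weakening the indicator list.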