Abstract: Systems and methods are provided for training a machine learning model to generate a score indicating a level of discrepancy between a commit message and a corresponding code change. The computing system receives a commit comprising a given commit message and a given corresponding code change and analyzes, using the trained machine learning model, the given commit message and given corresponding code change to generate a score indicating the level of discrepancy between the given commit message and the given corresponding code change of the received commit.

Abstract: Systems and methods are provided for analyzing a commit comprising an updated version of software code against a previous version of software code to determine a plurality of methods in the commit that have been changed, identifying a previous version and an updated version for each method that has been changed, and generating graphical representations of each previous version and each updated version of each method that has been changed. The systems and methods further provide for extracting path contexts from each graphical representation for each previous version and each updated version of each method, determining path contexts that are different by comparing each path context for each previous version with an associated updated version of each method, and encoding each path context that is different to generate at least one commit vector representation of the commit.

Abstract: Systems and methods are provided for training a machine learning model to generate a score indicating a level of discrepancy between a commit message and a corresponding code change. The computing system receives a commit comprising a given commit message and a given corresponding code change and analyzes, using the trained machine learning model, the given commit message and given corresponding code change to generate a score indicating the level of discrepancy between the given commit message and the given corresponding code change of the received commit.

Abstract: Distributed vector representations of source code commits, are generated to become part of a data corpus for machine learning (ML) for analyzing source code. The code commit is received, and time information is referenced to split the source code into pre-change source code and post-change source code. The pre-change source code is converted into a first code representation (e.g., based on a graph model), and the post-change source code into a second code representation. A first particle is generated from the first code representation, and a second particle is generated from the second code representation. The first particle and the second particle are compared to create a delta. The delta is transformed into a first commit vector by referencing an embedding matrix to numerically encode the first particle and the second particle. Following classification, the commit vector is stored in a data corpus for performing ML analysis upon source code.

Abstract: Distributed vector representations of source code commits, are generated to become part of a data corpus for machine learning (ML) for analyzing source code. The code commit is received, and time information is referenced to split the source code into pre-change source code and post-change source code. The pre-change source code is converted into a first code representation (e.g., based on a graph model), and the post-change source code into a second code representation. A first particle is generated from the first code representation, and a second particle is generated from the second code representation. The first particle and the second particle are compared to create a delta. The delta is transformed into a first commit vector by referencing an embedding matrix to numerically encode the first particle and the second particle. Following classification, the commit vector is stored in a data corpus for performing ML analysis upon source code.

Abstract: Systems and methods are provided for retrieving a set of code changes to source code from a source code repository, analyzing the set of code changes to generate a vector representation of each code change of the set of code changes, analyzing the vector representation of each code change of the set of code changes using a trained security-relevant code detection machine learning model, receiving a prediction from the security-relevant code detection machine learning model representing a probability that each code change of the set of code changes contains security-relevant changes, analyzing the prediction to determine whether the prediction is below or above a predetermined threshold, and generating results based on determining whether the prediction is below or above a predetermined threshold.

Abstract: Data is received that characterizes source code requiring a security vulnerability assessment. Using this received data, an input node of a vulnerability context graph is generated. Subsequently, at least one node is resolved from the input node using at least one of a plurality of resolvers that collectively access each of a knowledge base, a source code commit database, and at least one online resource. Additionally nodes are later iteratively resolved at different depth levels until a pre-defined threshold is met. The vulnerability context graph is then caused to be displayed in a graphical user interface such that each node has a corresponding graphical user interface element which, when activated, causes complementary information for such node to be displayed.

Abstract: Systems and methods are provided for retrieving a set of code changes to source code from a source code repository, analyzing the set of code changes to generate a vector representation of each code change of the set of code changes, analyzing the vector representation of each code change of the set of code changes using a trained security-relevant code detection machine learning model, receiving a prediction from the security-relevant code detection machine learning model representing a probability that each code change of the set of code changes contains security-relevant changes, analyzing the prediction to determine whether the prediction is below or above a predetermined threshold, and generating results based on determining whether the prediction is below or above a predetermined threshold.

Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix

Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix

Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.

Abstract: The method includes capturing an execution scenario associated with a real-time execution of an application, determining at least one scenario variable based on the execution scenario, generating a test case based on a code template, the execution scenario and the at least one scenario variable, and updating a test suite using the test case, the test suite configured to define a quality test of the application.

Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix

Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.

Abstract: Automated systems and methods for assessing the urgency of installing a patch for a component of a software application are described. The systems and methods involve identifying a set of defective programming constructs of the component that are altered by the patch, collecting execution traces of programming constructs of the software application and programming constructs of the component in a context of application use, and evaluating the execution traces to determine whether one or more defective programming constructs of the component are invoked in the context of application use.

Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.

Abstract: An input handler receives an exploit test request specifying at least one exploit to be tested against at least one application in at least one execution environment. A deployment engine deploys the at least one execution environment including instantiating a container providing a virtual machine image and configured based on the exploit test request, the instantiated container including the at least one application. A scheduler schedules execution of the at least one execution environment within at least one execution engine, including scheduling an injection of the at least one exploit as specified in the exploit test request. A report generator generates an exploit test report characterizing a result of the at least one exploit being injected into the at least one execution environment of the at least one execution engine.

Abstract: Implementations are directed to enhancing assessment of one or more known vulnerabilities inside one or more third-party libraries used within an application program that interacts with the one or more third-party libraries. In some examples, actions include receiving a complete call graph that is provided by static source code analysis (SSCA) of the application program and any third-party libraries used by the application, receiving one or more stack traces that are provided based on dynamic source code analysis (DSCA) during execution of the application program, processing the complete call graph, the one or more stack traces, and vulnerable function data to provide one or more combined call graphs, the vulnerable function data identifying one or more vulnerable functions included in the one or more third-party libraries, each combined call graph being specific to a respective vulnerable function, and providing a graphical representation of each combined call graph.

Abstract: Implementations are directed to enhancing assessment of one or more known vulnerabilities inside one or more third-party libraries used within an application program that interacts with the one or more third-party libraries. In some examples, actions include receiving a complete call graph that is provided by static source code analysis (SSCA) of the application program and any third-party libraries used by the application, receiving one or more stack traces that are provided based on dynamic source code analysis (DSCA) during execution of the application program, processing the complete call graph, the one or more stack traces, and vulnerable function data to provide one or more combined call graphs, the vulnerable function data identifying one or more vulnerable functions included in the one or more third-party libraries, each combined call graph being specific to a respective vulnerable function, and providing a graphical representation of each combined call graph.

Abstract: An input handler receives an exploit test request specifying at least one exploit to be tested against at least one application in at least one execution environment. A deployment engine deploys the at least one execution environment including instantiating a container providing a virtual machine image and configured based on the exploit test request, the instantiated container including the at least one application. A scheduler schedules execution of the at least one execution environment within at least one execution engine, including scheduling an injection of the at least one exploit as specified in the exploit test request. A report generator generates an exploit test report characterizing a result of the at least one exploit being injected into the at least one execution environment of the at least one execution engine.