Abstract: A current a version of an external component (e.g., an open-source component or a third-party component) that is used in a software application is identified. A new version of the current version of the external component is identified (supply chain components). For example, the new version may have been just released by an open-source community. In response to identifying the new version of the current version of the of the external component, a series of actions are implemented that include: identifying changes to Application Programming Interfaces (APIs) in the new version of the current version of the external component; identifying new vulnerabilities in the new version of the current version of the external component; and determining a quality history associated with the new version of the current version of the external component. Based on the actions, a composite score is generated and displayed to a developer.

Abstract: A method (300) for determining latent variables related to quality of an open source project.

Abstract: Information is received that pertains to a security vulnerability of a program identified by security testing. The information includes the security vulnerability and the source code responsible for the security vulnerability. Based on the information pertaining to the security vulnerability, a prompt is generated to input to a large language model (LLM). The prompt is generated to solicit a response from the LLM including whether the security vulnerability is an actual security vulnerability; a justification as to why the LLM has indicated that the security vulnerability is an actual security vulnerability or not; and in a case in which the security vulnerability is an actual security vulnerability, a recommended fix to resolve the security vulnerability.

Abstract: A database stores, for each of a number of software packages, a software package embedding representing the software package. The database stores, for each software package, code block embeddings respectively representing code blocks of the software package. The database stores, for each software package, functionality embeddings respectively representing functionality clusters into which the code block embeddings representing the code blocks of the software package have been clustered. A query embedding representing a query is generated, and used to query the database to identify a relevant code block within a relevant software package for the query.

Abstract: A method (500) for finding vulnerabilities in a software project.

Abstract: A composition is generated by an AI algorithm. For example, the AI generated composition may be an image that was generated by the AI algorithm. The AI generated composition is analyzed, using a similarity algorithm, to identify a snippet of the AI generated composition that is the same or similar to snippet of a composition used to train the AI algorithm. The license information associated with the snippet of the composition used to initially train the AI algorithm is identified. Licensing information for the AI generated composition that comprises the licensing information associated with the identified snippet of the AI generated composition is generated. The licensing information is associated with the AI generated composition. For example, the licensing information may be used to track the AI generated composition and/or copies of the AI generated composition.

Abstract: Input source code is retrieved. The input source code is subject to one or more licenses. For example, input source code subject to the MIT and GPL V2 open-source licenses may be retrieved from an open-source repository. A code generation Artificial Intelligence (AI) algorithm is trained using the input source code. The trained code generation AI algorithm is executed to produce output source code. For example, a set of parameters that define the output source code may be provided as input to execute the code generation AI algorithm. One or more licenses associated with the output source code are identified. For example, a vector-based AI algorithm may be used to identify the one or more licenses. The one or more licenses are associated with the output source code. This allows for proper licensing and attribution of the output source code.

Abstract: Embodiments of the disclosure provide systems and methods for detecting malicious software packages. Detecting malicious software packages can include collecting information identifying one or more known malicious software component classifiers, collecting information identifying one or more known suspicious community behavior classifiers associated with the one or more known malicious software component classifiers and receiving a software package including software components.

Abstract: Identifying and resolving weaknesses in software are common, resource-intensive tasks for many organizations. Machine-learning models are provided to automatically identify software vulnerabilities or other flaws, such as via entries in a weakness or vulnerability database, identify affected software, generate patches to resolve the vulnerabilities, and apply the patch to affected software. The patch is automatically extracted from code deltas between a software version having the weakness and a subsequent version wherein the weakness has been resolved. Other differences between the versions, not affecting the weakness, are excluded from the code deltas.

Abstract: A current a version of an external component (e.g., an open-source component or a third-party component) that is used in a software application is identified. A new version of the current version of the external component is identified (supply chain components). For example, the new version may have been just released by an open-source community. In response to identifying the new version of the current version of the of the external component, a series of actions are implemented that include: identifying changes to Application Programming Interfaces (APIs) in the new version of the current version of the external component; identifying new vulnerabilities in the new version of the current version of the external component; and determining a quality history associated with the new version of the current version of the external component. Based on the actions, a composite score is generated and displayed to a developer.

Abstract: A database stores, for each of a number of software packages, a software package embedding representing the software package. The database stores, for each software package, code block embeddings respectively representing code blocks of the software package. The database stores, for each software package, functionality embeddings respectively representing functionality clusters into which the code block embeddings representing the code blocks of the software package have been clustered. A query embedding representing a query is generated, and used to query the database to identify a relevant code block within a relevant software package for the query.

Abstract: A method (300) for determining latent variables related to quality of an open source project.

Abstract: A method (500) for finding vulnerabilities in a software project.