Abstract: Software provenance validation reports whether a validation binary matches the source code, resources, and other parts, as well as the compiler, runtime, operating system, and other context, which is specified in a provenance manifest for a release binary. Part context checksums, software versions, tool parameters, and other aspects of a build are checked. Certification signatures, timestamps, certain version differences, source code locations, and other data may be ignored for validation purposes. A provenance manifest may include other provenance manifests, including binary rewrite manifests. The provenance manifest may be stored in a debugger file with symbol information, or stored separately. Partial matches may be reported, with details of what matches or does not match. After provenance of a binary is validated, the binary's source code can be analyzed for vulnerabilities, thereby enhancing software supply chain security.

Abstract: Detecting whether or not an open source software package has functionality which is not described by the source code used to build the open source software package. To do so, in one embodiment, this is done by accessing source code used to build the open source software package. The open source software package is built from the source code. After the open source software package has been rebuilt, then it is computed whether or not the rebuilt package accomplishes the same functions as the open source software package. Finally, if the rebuilt package does not accomplish the same functions as the open source software package, an alert is raised.

Abstract: Examples of the usage of a command of a command line interface includes the command with a set of parameters and corresponding parameter values. The examples are generated from telemetry data, which does not contain parameter values, and from web-based sources that may contain multiple parameter values. A machine learning model is used to predict the data type of a parameter value when the parameter is used with a particular command. The predicted data type is then used to select an appropriate parameter value for the example from multiple known parameter values or to generate a parameter value when no known parameter value exists.

Abstract: Software provenance validation reports whether a validation binary matches the source code, resources, and other parts, as well as the compiler, runtime, operating system, and other context, which is specified in a provenance manifest for a release binary. Part context checksums, software versions, tool parameters, and other aspects of a build are checked. Certification signatures, timestamps, certain version differences, source code locations, and other data may be ignored for validation purposes. A provenance manifest may include other provenance manifests, including binary rewrite manifests. The provenance manifest may be stored in a debugger file with symbol information, or stored separately. Partial matches may be reported, with details of what matches or does not match. After provenance of a binary is validated, the binary's source code can be analyzed for vulnerabilities, thereby enhancing software supply chain security.

Abstract: A term-weighting and document-scoring function is used to search for a command line interface (CLI) script that is likely relevant to an operation specified in a natural language query. CLI scripts are created to perform various operations of a CLI-based application. A CLI script is associated with a description document having keywords associated with the individual commands used in the CLI script. The relevance of a CLI script to an intended operation is based on the term-weighting and document-scoring function which is applied to each component of each command in a CLI script and weighted accordingly.

Abstract: Detecting whether or not an open source software package has functionality which is not described by the source code used to build the open source software package. To do so, in one embodiment, this is done by accessing source code used to build the open source software package. The open source software package is built from the source code. After the open source software package has been rebuilt, then it is computed whether or not the rebuilt package accomplishes the same functions as the open source software package. Finally, if the rebuilt package does not accomplish the same functions as the open source software package, an alert is raised.

Abstract: A term-weighting and document-scoring function is used to search for a command line interface (CLI) script that is likely relevant to an operation specified in a natural language query. CLI scripts are created to perform various operations of a CLI-based application. A CLI script is associated with a description document having keywords associated with the individual commands used in the CLI script. The relevance of a CLI script to an intended operation is based on the term-weighting and document-scoring function which is applied to each component of each command in a CLI script and weighted accordingly.

Abstract: Examples of the usage of a command of a command line interface includes the command with a set of parameters and corresponding parameter values. The examples are generated from telemetry data, which does not contain parameter values, and from web-based sources that may contain multiple parameter values. A machine learning model is used to predict the data type of a parameter value when the parameter is used with a particular command. The predicted data type is then used to select an appropriate parameter value for the example from multiple known parameter values or to generate a parameter value when no known parameter value exists.