Abstract: A system and method to adaptively generate a program model. Source code of a program to be tested for code issues, and a set of predefined patterns to be tested in the source code are received. Feature configuration data is generated by determining a set of features corresponding to the received set of predefined patterns. A set of program models is identified by selecting, for each feature in the set of features, a program model from among a plurality of program models that is optimized for the feature. A dynamic program model is built based on the identified set of program models, the dynamic program model being adapted to resolve each of the patterns included in the received set of predefined patterns. And the source code is tested for code issues by extracting from the dynamic program model instances of each of the set of predefined patterns.

Abstract: A method or system for testing and benchmarking commits made on source code. The system extracts commits from a history of a first code history that records a sequence of commits made thereon. The extracted commits are then combined into a sequence of patches, each of which includes changes made during consecutive commits. The system also establishes a connection with a system under test (SUT) having a second code repository corresponding to a historical version of the first code repository before the extracted commits were made, and sequentially applies the sequence of the patches to the second code repository. Performance of the SUT is monitored during the application of the sequence of the patches to determine whether the SUT performs as expected after the application of each patch.

Abstract: Source code is managed through a source code management system and one or more static application security testing scanners check the source-code for vulnerabilities. The scanners generate vulnerability reports that are processed by a vulnerability tracker. The vulnerability tracker computes the scopes of identified vulnerabilities from the source-code and generates scope and offset fingerprints (e.g., hashes that uniquely identify vulnerabilities based on their surrounding scope). The fingerprints used for deduplication and vulnerability tracking. The vulnerability tracker may generate a refined vulnerability report that includes a set of deduplicated vulnerabilities with the corresponding fingerprints. The refined vulnerability report and related data may be stored in a vulnerability database for use in vulnerability management.

Abstract: A system or a method for analyzing a software project for vulnerabilities. The system extracts scopes of source code, each of which is a source code block that contains a definition of an entity. The system also receives a vulnerability report relating to the source code. The vulnerability report identifies a vulnerability at a line of the source code. The system identifies a subset of the scopes of source code that contains the line of source code where the vulnerability is identified. The system identifies, based on smatch values, a minimum scope among the subset of the scopes that contains the line of source code where the vulnerability is identified, and generates a scoped vulnerability report recording the minimum scope and the vulnerability.

Abstract: A system and method to adaptively generate a program model. Source code of a program to be tested for code issues, and a set of predefined patterns to be tested in the source code are received. Feature configuration data is generated by determining a set of features corresponding to the received set of predefined patterns. A set of program models is identified by selecting, for each feature in the set of features, a program model from among a plurality of program models that is optimized for the feature. A dynamic program model is built based on the identified set of program models, the dynamic program model being adapted to resolve each of the patterns included in the received set of predefined patterns. And the source code is tested for code issues by extracting from the dynamic program model instances of each of the set of predefined patterns.

Abstract: Source code is managed through a source code management system and one or more static application security testing scanners check the source-code for vulnerabilities. The scanners generate vulnerability reports that are processed by a vulnerability tracker. The vulnerability tracker computes the scopes of identified vulnerabilities from the source-code and generates scope and offset fingerprints (e.g., hashes that uniquely identify vulnerabilities based on their surrounding scope). The fingerprints used for deduplication and vulnerability tracking. The vulnerability tracker may generate a refined vulnerability report that includes a set of deduplicated vulnerabilities with the corresponding fingerprints. The refined vulnerability report and related data may be stored in a vulnerability database for use in vulnerability management.