Abstract: In a computer-implemented method for improving a static analyzer output, a processor receives a labeled data set with labeled true vulnerabilities and labeled false vulnerabilities. A processor receives pretrained contextual embeddings from a contextual embeddings model. A processor maps the true vulnerabilities and the false vulnerabilities to the pretrained contextual embeddings model. A processor generates a fine-tuned model with classifications for true vulnerabilities.

Abstract: A method, a computer system, and a computer program product for building pre-trained contextual embeddings is provided. Embodiments of the present invention may include collecting programming code. Embodiments of the present invention may include loading and preparing the programming code using a specialized programming language keywords-based vocabulary. Embodiments of the present invention may include creating contextual embeddings for the programming code. Embodiments of the present invention may include storing the contextual embeddings.

Abstract: In a computer-implemented method for improving a static analyzer output, a processor receives a labeled data set with labeled true vulnerabilities and labeled false vulnerabilities. A processor receives pretrained contextual embeddings from a contextual embeddings model. A processor maps the true vulnerabilities and the false vulnerabilities to the pretrained contextual embeddings model. A processor generates a fine-tuned model with classifications for true vulnerabilities.

Abstract: A method, a computer system, and a computer program product for building pre-trained contextual embeddings is provided. Embodiments of the present invention may include collecting programming code. Embodiments of the present invention may include loading and preparing the programming code using a specialized programming language keywords-based vocabulary. Embodiments of the present invention may include creating contextual embeddings for the programming code. Embodiments of the present invention may include storing the contextual embeddings.

Abstract: A method, a computer system, and a computer program product for vulnerability analysis using contextual embeddings is provided. Embodiments of the present invention may include collecting labeled code snippets. Embodiments of the present invention may include preparing the labeled code snippets. Embodiments of the present invention may include tokenizing the labeled code snippets. Embodiments of the present invention may include fine-tuning a model. Embodiments of the present invention may include collecting unlabeled code snippets. Embodiments of the present invention may include predicting a vulnerability of the unlabeled code snippets using the model.