Patent · US Active

Vulnerability tracking using smatch values of scopes

US12086271B2 · kind B2 · utility

0Cited by

2References

20Claims

0Family size

Assignee

GitLab Inc. · US

Inventors

James Johnson · Sammamish, US
Julian Thome · Freimersdorf, DE
Lucas Charles · Portland, US

Key dates

Filing date	Jun 30, 2023
Grant date	Sep 10, 2024
Priority date	—
Expiry date	Jun 30, 2043

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A system or a method for analyzing a software project for vulnerabilities. The system extracts scopes of source code, each of which is a source code block that contains a definition of an entity. The system also receives a vulnerability report relating to the source code. The vulnerability report identifies a vulnerability at a line of the source code. The system identifies a subset of the scopes of source code that contains the line of source code where the vulnerability is identified. The system identifies, based on smatch values, a minimum scope among the subset of the scopes that contains the line of source code where the vulnerability is identified, and generates a scoped vulnerability report recording the minimum scope and the vulnerability.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.