CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)]; 18 Claims
1. A method of analyzing a software project for vulnerabilities, the method comprising:
receiving source code;
generating a parse tree from the source code;
extracting scopes of source code blocks using the parse tree;
receiving, from one or more code scanners, vulnerability reports relating to the source code, the vulnerability reports identifying vulnerabilities in the source code;
matching the vulnerabilities identified in the vulnerability reports to corresponding scopes to generate a set of scoped vulnerabilities;
generating fingerprints of at least some of the scoped vulnerabilities, wherein the fingerprint for a vulnerability is generated using a scope of the vulnerability and an offset of the vulnerability, the offset being computed by subtracting a line number of the vulnerability from a start line of the scope;
deduplicating the scoped vulnerabilities using the fingerprints; and
generating a refined vulnerabilities report using the deduplicated scoped vulnerabilities.
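The steps of claim 1 carried through as an added worked example in Python. This is illustrative code written for this page, not code from the patent or from any product it covers. Assumptions: Python's own `ast` module stands in for the parse tree (so the "software project" is Python source, and `end_lineno` requires Python 3.8 or later); the two scanner reports are constructed inline; the fingerprint is a SHA-256 digest over the scope's qualified name and the offset, computed exactly as the claim states it (scope start line minus vulnerability line); and all function and variable names are illustrative.

```python
"""
Added example (not from the patent): scope-aware fingerprinting and
deduplication of code-scanner findings, following claim 1 step by step.
"""
import ast
import hashlib
from dataclasses import dataclass
from typing import List

# Constructed sample source code "received" for analysis.
SOURCE = '''\
import subprocess

def run_cmd(user_input):
    cmd = "ls " + user_input
    return subprocess.call(cmd, shell=True)

class Repo:
    def fetch(self, url):
        import os
        os.system("git clone " + url)
'''

# Constructed vulnerability reports, as two hypothetical scanners might emit
# them for SOURCE. Both scanners flag line 5 and line 10; scanner B also
# flags the import on line 1. Rule ids and messages are made up.
REPORTS = [
    {"scanner": "scannerA", "line": 5, "rule": "shell-true", "message": "subprocess with shell=True"},
    {"scanner": "scannerB", "line": 5, "rule": "B602", "message": "subprocess call with shell=True"},
    {"scanner": "scannerA", "line": 10, "rule": "os-system", "message": "os.system with string concat"},
    {"scanner": "scannerB", "line": 10, "rule": "B605", "message": "start process with a shell"},
    {"scanner": "scannerB", "line": 1, "rule": "B404", "message": "import of subprocess module"},
]


@dataclass(frozen=True)
class Scope:
    name: str   # qualified name, e.g. "Repo.fetch", or "<module>" for top level
    start: int  # first line of the scope (1-based)
    end: int    # last line of the scope (inclusive)


@dataclass
class ScopedVuln:
    scanner: str
    rule: str
    message: str
    line: int
    scope: Scope
    offset: int
    fingerprint: str


def extract_scopes(source: str) -> List[Scope]:
    """Claim steps 2-3: build the parse tree and extract scopes of code blocks."""
    tree = ast.parse(source)
    scopes = [Scope("<module>", 1, max(1, len(source.splitlines())))]

    def visit(node: ast.AST, prefix: str) -> None:
        for child in ast.iter_child_nodes(node):
            if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
                qual = prefix + child.name
                scopes.append(Scope(qual, child.lineno, child.end_lineno))
                visit(child, qual + ".")
            else:
                visit(child, prefix)  # e.g. a def nested inside an if-block

    visit(tree, "")
    return scopes


def match_scope(line: int, scopes: List[Scope]) -> Scope:
    """Claim step 5: the innermost scope whose line range contains the finding."""
    containing = [s for s in scopes if s.start <= line <= s.end]
    return min(containing, key=lambda s: s.end - s.start)


def fingerprint(scope: Scope, offset: int) -> str:
    """Claim step 6: fingerprint from the scope and the offset only, so it does
    not change when unrelated lines are inserted above the scope."""
    return hashlib.sha256(f"{scope.name}|{offset}".encode()).hexdigest()[:16]


def scope_reports(source: str, reports: List[dict]) -> List[ScopedVuln]:
    """Claim steps 4-6: attach each reported vulnerability to its scope and fingerprint it."""
    scopes = extract_scopes(source)
    scoped = []
    for r in reports:
        sc = match_scope(r["line"], scopes)
        off = sc.start - r["line"]  # offset as defined in the claim: scope start minus line
        scoped.append(ScopedVuln(r["scanner"], r["rule"], r["message"],
                                 r["line"], sc, off, fingerprint(sc, off)))
    return scoped


def deduplicate(scoped: List[ScopedVuln]) -> List[ScopedVuln]:
    """Claim step 7: keep the first finding seen for each fingerprint."""
    seen = {}
    for v in scoped:
        seen.setdefault(v.fingerprint, v)
    return list(seen.values())


def refined_report(source: str, reports: List[dict]) -> List[dict]:
    """Claim step 8: the refined report, one entry per unique fingerprint,
    listing every scanner that contributed to that entry."""
    scoped = scope_reports(source, reports)
    return [{
        "fingerprint": v.fingerprint, "scope": v.scope.name, "offset": v.offset,
        "line": v.line, "message": v.message,
        "scanners": sorted({s.scanner for s in scoped if s.fingerprint == v.fingerprint}),
    } for v in deduplicate(scoped)]


if __name__ == "__main__":
    for entry in refined_report(SOURCE, REPORTS):
        print(entry)
```

Two properties worth checking when adopting this scheme. First, findings inside a function keep their fingerprint when lines are added above the function, which is the stability the scope-plus-offset construction buys; findings at module level do not, because the module scope always starts at line 1, so an insertion anywhere above them changes the offset. Second, because the claim's fingerprint uses only scope and offset, two different rule types reported at the same line collapse into one entry; whether that is desired, or whether a rule identifier should be folded into the fingerprint, is a design choice the claim text leaves open.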