US 11,868,482 B2
Vulnerability tracing using scope and offset
James Johnson, Sammamish, WA (US); Julian Thome, Esch-sur-Alzette (LU); and Lucas Charles, Portland, OR (US)
Assigned to GitLab Inc., San Francisco, CA (US)
Filed by GitLab Inc., San Francisco, CA (US)
Filed on Sep. 9, 2022, as Appl. No. 17/941,935.
Claims priority of provisional application 63/247,019, filed on Sep. 22, 2021.
Prior Publication US 2023/0104814 A1, Apr. 6, 2023
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)] 18 Claims
[OG exemplary drawing not reproduced in this text]
1. A method of analyzing a software project for vulnerabilities, the method comprising:
receiving source code;
generating a parse tree from the source code;
extracting scopes of source code blocks using the parse tree;
receiving, from one or more code scanners, vulnerability reports relating to the source code, the vulnerability reports identifying vulnerabilities in the source code;
matching the vulnerabilities identified in the vulnerability reports to corresponding scopes to generate a set of scoped vulnerabilities;
generating fingerprints of at least some of the scoped vulnerabilities, wherein the fingerprint for a vulnerability is generated using a scope of the vulnerability and an offset of the vulnerability, the offset being computed by subtracting a line number of the vulnerability from a start line of the scope;
deduplicating the scoped vulnerabilities using the fingerprints; and
generating a refined vulnerabilities report using the deduplicated scoped vulnerabilities.
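The claim above lists the steps of the method (parse tree, scope extraction, scanner reports, scope matching, scope-plus-offset fingerprints, deduplication, refined report). The following Python block is an added illustration of those steps and is not GitLab's implementation; it uses Python's own `ast` module as the parse tree, computes the offset literally as the claim words it (start line of the scope minus the line of the vulnerability), and makes two assumptions of its own: the scanner rule id is mixed into the fingerprint so that two different findings on one line stay distinct, and lines outside any definition fall back to a synthetic module scope. The sample source file and the scanner findings are constructed for the demonstration.

```python
"""Scope-and-offset vulnerability fingerprinting: illustrative code, not GitLab's."""
import ast
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Scope:
    name: str        # qualified name from the parse tree, e.g. "Store.save"
    start_line: int
    end_line: int


@dataclass(frozen=True)
class Finding:
    scanner: str     # which scanner reported it
    rule: str        # the scanner's rule id
    line: int        # 1-based line number in the scanned file


def extract_scopes(source: str) -> list[Scope]:
    """Parse the source and collect one Scope per class/function definition."""
    scopes: list[Scope] = []

    def walk(node: ast.AST, prefix: str) -> None:
        for child in ast.iter_child_nodes(node):
            if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
                name = f"{prefix}.{child.name}" if prefix else child.name
                scopes.append(Scope(name, child.lineno, child.end_lineno))
                walk(child, name)
            else:
                walk(child, prefix)

    walk(ast.parse(source), "")
    return scopes


# Assumed fallback for findings outside every definition (the claim only says
# "at least some" vulnerabilities are fingerprinted).
MODULE_SCOPE = Scope("<module>", 1, 0)


def match_scope(scopes: list[Scope], line: int) -> Scope:
    """Return the innermost scope containing `line` (the smallest span wins)."""
    containing = [s for s in scopes if s.start_line <= line <= s.end_line]
    if not containing:
        return MODULE_SCOPE
    return min(containing, key=lambda s: s.end_line - s.start_line)


def fingerprint(scope: Scope, finding: Finding) -> str:
    """Hash of (scope name, offset, rule id).

    The offset follows the claim wording literally: start line of the scope minus
    the line of the vulnerability. Including the rule id is this example's choice."""
    offset = scope.start_line - finding.line
    material = f"{scope.name}|{offset}|{finding.rule}".encode()
    return hashlib.sha256(material).hexdigest()


def refine(source: str, findings: list[Finding]) -> dict[str, dict]:
    """Scope each finding, fingerprint it and collapse duplicates by fingerprint.

    Returns fingerprint -> {scope, offset, rule, line, scanners}; this dict is the
    'refined vulnerabilities report' of the claim."""
    scopes = extract_scopes(source)
    refined: dict[str, dict] = {}
    for f in findings:
        scope = match_scope(scopes, f.line)
        fp = fingerprint(scope, f)
        entry = refined.setdefault(fp, {
            "scope": scope.name, "offset": scope.start_line - f.line,
            "rule": f.rule, "line": f.line, "scanners": []})
        if f.scanner not in entry["scanners"]:
            entry["scanners"].append(f.scanner)
    return refined


# Constructed sample file, version 1: a weak hash on line 3 inside check_password.
SOURCE_V1 = """import hashlib
def check_password(stored, password):
    digest = hashlib.md5(password.encode()).hexdigest()
    return digest == stored
"""

# Same file after an edit that inserted two lines above the function: the weak
# hash is now on line 5 but sits at the same offset within its scope.
SOURCE_V2 = "# constructed header line 1\n# constructed header line 2\n" + SOURCE_V1

# Constructed scanner output: two scanners flag the same line in v1; one scanner
# flags the shifted line in v2.
FINDINGS_V1 = [Finding("scanner-a", "weak-hash", 3), Finding("scanner-b", "weak-hash", 3)]
FINDINGS_V2 = [Finding("scanner-a", "weak-hash", 5)]


def demo() -> tuple[int, bool]:
    """Returns (findings left in v1 after deduplication,
    whether the v1 fingerprint is unchanged by the line shift in v2)."""
    v1 = refine(SOURCE_V1, FINDINGS_V1)
    v2 = refine(SOURCE_V2, FINDINGS_V2)
    return len(v1), set(v1) == set(v2)


if __name__ == "__main__":
    print(demo())
```

Running it shows the two scanner reports of version 1 collapsing into a single entry, and the fingerprint of that entry surviving the edit that moved the vulnerable line from 3 to 5: the scope name and the offset inside the scope are unchanged, which is what makes the fingerprint usable for tracing a vulnerability across revisions rather than only within one scan.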