CPC G06F 11/3624 (2013.01) [G06F 8/30 (2013.01); G06F 8/36 (2013.01); G06F 21/577 (2013.01); G06N 3/0464 (2023.01); G06N 3/08 (2013.01); G06N 20/00 (2019.01); G06N 3/09 (2023.01)]
20 Claims
1. A method comprising:
updating a first repository of detected flaws for a software project with a first set of flaws indicated in a first security scan for a first code submission to a software development pipeline;
for the first set of flaws,
obtaining a first set of candidate fixes based, at least partly, on fixes previously implemented for the software project; and
obtaining a second set of candidate fixes from a trained machine learning model pipeline, wherein the trained machine learning model pipeline has been trained with training data based on code submissions of the software project and based on flaw and fix data for other software projects;
presenting at least some of the first and second sets of candidate fixes as suggested fixes for the first set of flaws; and
based on selections from the suggested fixes, supplying training data for ongoing learning of the trained machine learning model pipeline.