FALSE-POSITIVES INVALIDATION AND STATIC SECURITY SCANS WITHOUT SCANNING BASED ON REGULAR SCAN HISTORY IN PULL REQUESTS

发明申请

US20220335134A1 FALSE-POSITIVES INVALIDATION AND STATIC SECURITY SCANS WITHOUT SCANNING BASED ON REGULAR SCAN HISTORY IN PULL REQUESTS 有权

请登陆查看更多内容

专利标题： FALSE-POSITIVES INVALIDATION AND STATIC SECURITY SCANS WITHOUT SCANNING BASED ON REGULAR SCAN HISTORY IN PULL REQUESTS
申请号： US17301767

申请日： 2021-04-14
公开(公告)号： US20220335134A1

公开(公告)日： 2022-10-20
发明人: Marcin Filip , Michal Bodziony , Marcin Luczynski , Tomasz Zatorski , Wojciech Mis , BARTOSZ TOMASIK
申请人： International Business Machines Corporation
申请人地址： US NY Armonk
专利权人： International Business Machines Corporation
当前专利权人： International Business Machines Corporation
当前专利权人地址： US NY Armonk
主分类号： G06F21/57
IPC分类号： G06F21/57

FALSE-POSITIVES INVALIDATION AND STATIC SECURITY SCANS WITHOUT SCANNING BASED ON REGULAR SCAN HISTORY IN PULL REQUESTS

摘要：

Providing an automatic mechanism of invalidating false-positive indications of certain identified portions of source code to reduce the number of errors in a security report. Certain embodiments of the present invention utilize static security scanning as a mechanism for automatically determining which portions of the identified source code contain potential vulnerabilities, and whether these identified portions of the source code are correctly or incorrectly identified with a false-positive indication.

公开/授权文献

US12001565B2 False-positives invalidation and static security scans without scanning based on regular scan history in pull requests 公开/授权日：2024-06-04

信息查询

Global Dossier Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F21/00	防止未授权行为的保护计算机、其部件、程序或数据的安全装置
G06F21/50	.监控用户、程序或设备，以维护平台完整。例如：处理器、固件或操作系统
G06F21/57	..确保或维持可信任的计算机平台，例如安全引导或断电、版本控制、系统软件检查、安全更新或评估漏洞