公开(公告)号：US20240111522A1

公开(公告)日：2024-04-04

申请号：US17955786

申请日：2022-09-29

Applicant: SAP SE

Inventor： Niccolo Togni ,  Antonino Sabetta ,  Rocio Cabrera Lozoya

IPC: G06F8/71 ,  G06F8/41

CPC classification number: G06F8/71 ,  G06F8/433

Abstract: Systems and methods are provided for analyzing a commit comprising an updated version of software code against a previous version of software code to determine a plurality of methods in the commit that have been changed, identifying a previous version and an updated version for each method that has been changed, and generating graphical representations of each previous version and each updated version of each method that has been changed. The systems and methods further provide for extracting path contexts from each graphical representation for each previous version and each updated version of each method, determining path contexts that are different by comparing each path context for each previous version with an associated updated version of each method, and encoding each path context that is different to generate at least one commit vector representation of the commit.

公开(公告)号：US09811668B2

公开(公告)日：2017-11-07

申请号：US14692203

申请日：2015-04-21

Applicant: SAP SE

Inventor： Antonino Sabetta ,  Luca Compagna ,  Serena Ponta ,  Stanislav Dashevskyi ,  Daniel Dos Santos ,  Fabio Massacci

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  G06F21/57 ,  G06F21/54 ,  G06F21/53 ,  G06F21/56

CPC classification number: G06F21/577 ,  G06F21/53 ,  G06F21/54 ,  G06F21/566 ,  G06F2221/033

Abstract: An input handler receives an exploit test request specifying at least one exploit to be tested against at least one application in at least one execution environment. A deployment engine deploys the at least one execution environment including instantiating a container providing a virtual machine image and configured based on the exploit test request, the instantiated container including the at least one application. A scheduler schedules execution of the at least one execution environment within at least one execution engine, including scheduling an injection of the at least one exploit as specified in the exploit test request. A report generator generates an exploit test report characterizing a result of the at least one exploit being injected into the at least one execution environment of the at least one execution engine.

公开(公告)号：US10474456B2

公开(公告)日：2019-11-12

申请号：US16415192

申请日：2019-05-17

Applicant: SAP SE

Inventor： Michele Bezzi ,  Antonino Sabetta ,  Henrik Plate ,  Serena Ponta ,  Francesco Di Cerbo

IPC: G06F8/71 ,  G06F8/77 ,  G06F8/36

Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix

公开(公告)号：US10338916B2

公开(公告)日：2019-07-02

申请号：US15371678

申请日：2016-12-07

Applicant: SAP SE

Inventor： Michele Bezzi ,  Antonino Sabetta ,  Henrik Plate ,  Serena Ponta ,  Francesco Di Cerbo

IPC: G06F8/36 ,  G06F8/71 ,  G06F8/77

Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.

公开(公告)号：US20180157486A1

公开(公告)日：2018-06-07

申请号：US15371678

申请日：2016-12-07

Applicant: SAP SE

Inventor： Michele Bezzi ,  Antonino Sabetta ,  Henrik Plate ,  Serena Ponta ,  Francesco Di Cerbo

IPC: G06F9/44

CPC classification number: G06F8/71 ,  G06F8/36 ,  G06F8/77

Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix

公开(公告)号：US09959111B2

公开(公告)日：2018-05-01

申请号：US15206323

申请日：2016-07-11

Applicant: SAP SE

Inventor： Henrik Plate ,  Serena Ponta ,  Antonino Sabetta

IPC: G06F9/445

CPC classification number: G06F8/65 ,  G06F8/658 ,  G06F8/71

Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.

公开(公告)号：US20180011700A1

公开(公告)日：2018-01-11

申请号：US15206323

申请日：2016-07-11

Applicant: SAP SE

Inventor： HENRIK PLATE ,  Serena Ponta ,  Antonino Sabetta

IPC: G06F9/445

CPC classification number: G06F8/65 ,  G06F8/658 ,  G06F8/71

Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.

公开(公告)号：US20230418599A1

公开(公告)日：2023-12-28

申请号：US17850380

申请日：2022-06-27

Applicant: SAP SE

Inventor： Rocio Cabrera Lozoya ,  Antonino Sabetta ,  Michele Bezzi

IPC: G06F8/77

CPC classification number: G06F8/77

Abstract: Systems and methods are provided for training a machine learning model to generate a score indicating a level of discrepancy between a commit message and a corresponding code change. The computing system receives a commit comprising a given commit message and a given corresponding code change and analyzes, using the trained machine learning model, the given commit message and given corresponding code change to generate a score indicating the level of discrepancy between the given commit message and the given corresponding code change of the received commit.

公开(公告)号：US10831899B2

公开(公告)日：2020-11-10

申请号：US15978691

申请日：2018-05-14

Applicant: SAP SE

Inventor： Michele Bezzi ,  Antonino Sabetta ,  Henrik Plate ,  Serena Ponta

IPC: G06F21/57 ,  G06N20/00

Abstract: Systems and methods are provided for retrieving a set of code changes to source code from a source code repository, analyzing the set of code changes to generate a vector representation of each code change of the set of code changes, analyzing the vector representation of each code change of the set of code changes using a trained security-relevant code detection machine learning model, receiving a prediction from the security-relevant code detection machine learning model representing a probability that each code change of the set of code changes contains security-relevant changes, analyzing the prediction to determine whether the prediction is below or above a predetermined threshold, and generating results based on determining whether the prediction is below or above a predetermined threshold.

公开(公告)号：US20200175174A1

公开(公告)日：2020-06-04

申请号：US16209826

申请日：2018-12-04

Applicant: SAP SE

Inventor： Jamarber Bakalli ,  Michele Bezzi ,  Cedric Dangremont ,  Sule Kahraman ,  Henrik Plate ,  Serena Ponta ,  Antonino Sabetta

IPC: G06F21/57 ,  G06F8/71 ,  G06N5/02 ,  G06F16/901

Abstract: Data is received that characterizes source code requiring a security vulnerability assessment. Using this received data, an input node of a vulnerability context graph is generated. Subsequently, at least one node is resolved from the input node using at least one of a plurality of resolvers that collectively access each of a knowledge base, a source code commit database, and at least one online resource. Additionally nodes are later iteratively resolved at different depth levels until a pre-defined threshold is met. The vulnerability context graph is then caused to be displayed in a graphical user interface such that each node has a corresponding graphical user interface element which, when activated, causes complementary information for such node to be displayed.