Detecting vulnerabilities associated with a software application build

Bibliographic Details
Main Authors: Yarman, Joseph Scott; Freitag, Jon Augustine; Shih, Stuart Te-Hui
Format: Patent
Language: English
Published: 23.06.2020
Summary: Methods and apparatuses are described for detecting vulnerabilities associated with a software application build. A server generates a software application build based upon a source code repository, including determining application dependencies of the software application build. The server identifies vulnerabilities associated with the application dependencies. For each identified vulnerability, the server creates an aspect class based upon a package file associated with the vulnerability, the aspect class comprising vulnerability logging code. The server integrates the created aspect classes into libraries of the application dependencies, generates a new package file based upon the application dependencies, and integrates the new package file into the software application build. The server executes the software application build, including generating log statements by calling the aspect classes in the new package file. The server analyzes the log statements to determine which of the identified vulnerabilities were invoked during execution of the software application build.
Bibliography: Application Number: US201916572405