UniLU's SafeCommit



Functional Components Description

The goal of this tool is twofold:

First, detection of patches which fix software vulnerabilities. To that end, both code and textual features will be engineered and assessed. These features will then be used by machine learning algorithms designed and selected to cope with unbalanced datasets.

Second, detection of patches which introduce software vulnerabilities. As mentioned previously, code and textual features will be investigated, but it is highly probable that the features are different.

The proposed tool aims at being integrated into real-world software maintenance and usage workflows. The objective is to carry out a live study in order to collect practitioner feedback for iteratively improving the tuning of the research output, towards an effective technology transfer.


Services provided

Support platform for R + D + I projects

The SafeCommit tool has been developed under an internal project at the University of Luxembourg. It is to be used to detect commits introducing vulnerabilities and commits fixing vulnerabilities.

Benchmarking, evaluation and / or certification of products and / or services

None yet.

Training

The approaches used for building this tool could be used as support for training in automated vulnerability detection and machine learning.

Support for awareness actions or generation of Functional Safety culture in different domains

Currently, developers tend to prioritize an early release date over building the software correctly. Hence, the introduction of vulnerabilities is more likely due to time constraints and poor code quality. This tool could lower the number of vulnerabilities introduced by being run before new code is committed.


Keywords

Vulnerability Detection Tool, DevOps Communities


Services

  • Support platform for R + D + I projects: Detects commits introducing vulnerabilities and commits fixing vulnerabilities.

  • Training: The approaches used for building this tool could be used as support for training in automated vulnerability detection and machine learning.

  • Support for awareness actions or generation of Functional Safety culture in different domains: Currently, developers tend to prioritize an early release date over building the software correctly. Hence, the introduction of vulnerabilities is more likely due to time constraints and poor code quality. This tool could lower the number of vulnerabilities introduced by being run before new code is committed.


Technical equipment

-


Use request

Non-profit