CodeQL detected 171 CVEs total, with 83 caught by a prior version before the fix; detections were often actionable within the vulnerable file but not stable across tool versions.
In: Proceedings of the 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)
Citing papers
- Longitudinal Analyses of SAST Tools: A CodeQL Case Study
  CodeQL detected 171 CVEs total, with 83 caught by a prior version before the fix; detections were often actionable within the vulnerable file but not stable across tool versions.
- Weaponizing the Commons: A Taxonomy and Detection Framework of Abuse on GitHub
  A taxonomy of GitHub abuse behaviors is proposed along with a detection framework achieving F1-scores exceeding 89% on a manually labeled dataset of 392 instances.
- Hidden Dependencies and Component Variants in SBOM-Based Software Composition Analysis
  Hidden dependencies and component variants in SBOMs cause inconsistent vulnerability reporting and VEX handling across scanners.