Rapid Adjudication of Static Analysis Meta-Alerts During Continuous Integration (CI)

Abstract

Manual adjudication of static analysis meta-alerts requires too much effort in short CI build and PR approval time frames to address many (if any) of them. This problem is technically challenging. Developing a new static analysis that precisely matches flaws across different versions of Java or C++ code requires language-specific algorithms, and the matching must be fast to work in a CI/CD system. Also, when cascading (carrying adjudications forward from one code version to the next) is imprecise, mislabeled data worsens classifier performance, and no effective systems exist that use automated classifiers for multiple static analysis tools in a CI system.
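The abstract's concern that imprecise cascading feeds mislabeled data to a classifier can be made concrete with a small matcher. The following is an added illustration, not code from the report or from the SEI authors: the matching heuristic (same checker, file, enclosing function and whitespace/comment-normalized flagged line, within a bounded line drift, and refusing to label when the match is ambiguous) is this example's own assumption, not the report's algorithm, and the alerts and verdicts are constructed sample data.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """One static-analysis alert. Field names are this example's own, not the report's."""
    checker: str     # tool and checker id, e.g. "cppcheck:nullPointer"
    file: str
    line: int
    function: str    # enclosing function name
    snippet: str     # source line the tool flagged


@dataclass(frozen=True)
class Adjudication:
    alert: Alert
    verdict: str     # "TRUE" (real flaw) or "FALSE" (false positive)


def normalize(snippet: str) -> str:
    """Strip comments and all whitespace so reformatting alone does not break a match."""
    s = re.sub(r"/\*.*?\*/", "", snippet)
    s = re.sub(r"//.*$", "", s)
    return re.sub(r"\s+", "", s)


def match_key(a: Alert):
    return (a.checker, a.file, a.function, normalize(a.snippet))


def cascade(old: list, new: list, max_line_drift: int = 50):
    """
    Carry verdicts from adjudicated alerts on the old version to alerts on the new version.
    A new alert inherits a verdict only when exactly one old adjudication has the same
    checker, file, enclosing function and normalized flagged line, within max_line_drift
    lines. Changed code and ambiguous matches are left unlabeled rather than guessed, so
    they do not enter a classifier's training set with a wrong label.
    """
    index = {}
    for adj in old:
        index.setdefault(match_key(adj.alert), []).append(adj)
    labeled, unlabeled = {}, []
    for n in new:
        cands = [adj for adj in index.get(match_key(n), [])
                 if abs(adj.alert.line - n.line) <= max_line_drift]
        if len(cands) == 1:
            labeled[n] = cands[0].verdict
        else:
            unlabeled.append(n)
    return labeled, unlabeled


# Constructed sample data (assumption of this example) for two successive versions
# of a small C code base.
OLD = [
    Adjudication(Alert("cppcheck:nullPointer", "src/net.c", 42, "parse_hdr", "len = *hdr_len;"), "TRUE"),
    Adjudication(Alert("clang-sa:core.uninitialized.Assign", "src/net.c", 88, "read_frame", "return buf[idx];"), "FALSE"),
    Adjudication(Alert("cppcheck:nullPointer", "src/util.c", 10, "dup_buf", "memcpy(dst, src, n);"), "FALSE"),
    # two identical flagged lines in one function with different verdicts: matching on them is ambiguous
    Adjudication(Alert("cppcheck:formatString", "src/util.c", 20, "log_it", "fprintf(f, msg);"), "TRUE"),
    Adjudication(Alert("cppcheck:formatString", "src/util.c", 25, "log_it", "fprintf(f, msg);"), "FALSE"),
]
NEW = [
    # same flaw, shifted 8 lines and reformatted: should inherit TRUE
    Alert("cppcheck:nullPointer", "src/net.c", 50, "parse_hdr", "len  = *hdr_len;  // header size"),
    # flagged line was changed by the commit: old verdict may no longer hold, leave unlabeled
    Alert("clang-sa:core.uninitialized.Assign", "src/net.c", 88, "read_frame", "return buf[idx % n];"),
    # untouched: should inherit FALSE
    Alert("cppcheck:nullPointer", "src/util.c", 10, "dup_buf", "memcpy(dst, src, n);"),
    # matches two old adjudications with different verdicts: leave unlabeled
    Alert("cppcheck:formatString", "src/util.c", 22, "log_it", "fprintf(f, msg);"),
    # same text, same function, but 358 lines away: outside the drift window, leave unlabeled
    Alert("cppcheck:nullPointer", "src/net.c", 400, "parse_hdr", "len = *hdr_len;"),
]


def run_demo():
    return cascade(OLD, NEW)


if __name__ == "__main__":
    labeled, unlabeled = run_demo()
    for a, v in labeled.items():
        print(f"{a.file}:{a.line} {a.checker} -> {v}")
    print(f"{len(unlabeled)} alert(s) left for manual adjudication")
```

The design choice worth noting is that the matcher is deliberately conservative: every branch that cannot establish a unique, precise correspondence sends the alert back to the manual queue instead of inheriting a label. In a CI pipeline that is the trade the abstract describes, fewer auto-labeled alerts in exchange for training data that does not poison the classifier.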


Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2020
Accession Number
AD1110318

Entities

People

  • David Shepard
  • David Svoboda
  • Ebonie Mcneil
  • Hasan Yaşar
  • Joseph Yankel
  • Lori A. Flynn
  • Matt Sisk
  • Shane Ficorilli

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Algorithms
  • Artifacts
  • Authentication
  • Automation
  • Classification
  • Containers
  • Formal Languages
  • Heuristic Methods
  • Language
  • Machine Learning
  • Materials
  • Mathematics
  • Optimization
  • Words (Language)

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Database Systems and Applications
  • Neural Network Machine Learning