
fedcode-next: Extract fix commits from the commit logs in search for CVE-related commit messages

Open pombredanne opened this issue 3 months ago • 0 comments

We should create a pipeline that extracts fix commits by parsing commit messages. There are multiple ways of doing that:

  • Use a single simple regular expression, e.g. CVE-\d{4}-\d{4,7}
  • Apply multiple regular expressions with a k-top ranking strategy.
  • Develop a machine learning model to extract the most relevant fix commits.

Tools Using Similar Approaches to Parse Git Commit Messages:

  • https://github.com/CERTCC/git_vul_driller
  • https://github.com/Ananya-0306/vuln-finder
  • https://github.com/aklyussef/VulnerabilityPatchFinder
  • https://github.com/cve-search/git-vuln-finder

pombredanne, Oct 09 '25 15:10
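The first two options in the issue (a single CVE-id regex, then several regexes combined with a top-k ranking) can be sketched in a few dozen lines. The following is an added example, not code from VulnerableCode or from any of the tools linked above. It parses a constructed, hypothetical `git log` excerpt (fake SHAs and messages), extracts CVE ids with a single regex, scores each message with a small set of weighted regexes (the patterns and weights are arbitrary choices for illustration, not a tuned model), and returns the k best-scoring commits. Two caveats a practitioner would want: the bare `CVE-\d{4}-\d{4,7}` pattern is greedy and would silently truncate an over-long digit run such as `CVE-2024-12345678`, so the example guards it with `(?!\d)`, and ids are upper-cased so `cve-2023-1234` and `CVE-2023-1234` dedupe to one entry.

```python
import re
from dataclasses import dataclass

# Constructed sample resembling default `git log` output (hypothetical SHAs,
# authors and messages; not real commits).
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111
Author: alice

    Fix heap overflow in parser (CVE-2024-12345)

    The length check was off by one. Fixes CVE-2024-12345.

commit 2222222222222222222222222222222222222222
Author: bob

    Mention cve-2023-1234 in CHANGELOG

commit 3333333333333333333333333333333333333333
Author: carol

    Refactor build scripts

commit 4444444444444444444444444444444444444444
Author: dave

    Security: patch use-after-free, see CVE-2024-9999 and CVE-2024-10000
"""

COMMIT_HEADER = re.compile(r"^commit ([0-9a-f]{7,40})$", re.MULTILINE)

# Option 1: a single regex. \b and (?!\d) prevent matching a truncated prefix
# of an over-long digit run; re.IGNORECASE accepts lower-case "cve-".
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}(?!\d)", re.IGNORECASE)

# Option 2: several regexes, each adding (or subtracting) a weight when present.
# Weights are arbitrary illustration values, not a tuned ranking.
SIGNALS = [
    (re.compile(r"\b(fix(es|ed)?|patch(es|ed)?|resolve[sd]?)\b", re.I), 2.0),
    (re.compile(r"\b(security|vulnerab\w*|exploit\w*)\b", re.I), 1.5),
    (re.compile(r"\b(overflow|use-after-free|injection|out-of-bounds|double free)\b", re.I), 1.0),
    # Commits that only talk about a CVE (changelog edits, doc references) are
    # usually not the fix itself, so they are penalised.
    (re.compile(r"\b(changelog|mention|reference|docs?|readme)\b", re.I), -2.0),
]


@dataclass
class FixCandidate:
    sha: str
    cve_ids: list
    score: float
    message: str


def parse_git_log(text):
    """Split default `git log` output into (sha, message) pairs.

    Message lines are the ones indented by four spaces; unindented header
    lines such as "Author:" are dropped.
    """
    commits = []
    headers = list(COMMIT_HEADER.finditer(text))
    for i, header in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[header.end():end]
        lines = [ln[4:] for ln in body.splitlines() if ln.startswith("    ")]
        commits.append((header.group(1), "\n".join(lines).strip()))
    return commits


def extract_cve_ids(message):
    """Return the sorted, de-duplicated, upper-cased CVE ids in a message."""
    return sorted({m.group(0).upper() for m in CVE_RE.finditer(message)})


def score_message(message):
    """Sum the weights of every signal regex that matches the message."""
    return sum(weight for pattern, weight in SIGNALS if pattern.search(message))


def rank_fix_commits(log_text, k=10):
    """Top-k ranking: keep commits that name a CVE, score them, sort descending."""
    candidates = []
    for sha, message in parse_git_log(log_text):
        cve_ids = extract_cve_ids(message)
        if not cve_ids:
            continue
        score = len(cve_ids) + score_message(message)
        candidates.append(FixCandidate(sha, cve_ids, score, message))
    candidates.sort(key=lambda c: c.score, reverse=True)
    return candidates[:k]


if __name__ == "__main__":
    for cand in rank_fix_commits(SAMPLE_LOG):
        print(f"{cand.sha[:12]} score={cand.score:>5} {cand.cve_ids}")
```

On the sample, the use-after-free patch ranks first, the heap-overflow fix second, and the CHANGELOG-only commit last with a negative score; the refactor commit is dropped because it names no CVE. In a real pipeline the scoring step is the part worth iterating on (or replacing with the machine-learning option from the issue), while the id extraction stays a plain regex.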