CVEMemory© Documentation

Code security vertical that scans for CVE patterns in real source code.

Product Overview

Turn code scans into episodes that VAAS-X can learn from.

Ingestion

Bring repositories and builds into CVEMemory©.

  • Scan source code, not just dependencies
  • Use CI to feed in new commits
  • Track repository and commit metadata

Patterns

Use CVE patterns and heuristics to find issues.

  • Rule-based signatures per CVE
  • Variant-aware detection
  • Language-aware scanning

Episodes

Store results as state-action-outcome episodes.

  • Repository, file path, and commit
  • CVE identifiers and pattern IDs
  • Outcome tracking (true/false positives, fixes)

Using CVEMemory©

1. Run a Scan

Invoke the scanner against your codebase.

  • Point to your source tree
  • Run the CVE scanning tool
  • Collect raw findings

2. Create Episodes

Transform findings into VAAS-X episodes.

  • Map each finding to an episode
  • Include context and outcome fields
  • Ingest into the appropriate shard

3. Learn Over Time

Use history to reduce noise and focus on real issues.

  • Track which patterns are valuable
  • Calibrate confidence bands
  • Update rules and thresholds
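
Steps 2 and 3 as an added sketch (not CVEMemory© or VAAS-X code, and not their API): findings are mapped to episodes, then each pattern's true-positive rate gets a Wilson score interval that decides whether the rule is kept, retired, or needs more data. The episode field names, outcome labels, the 0.5 threshold, and the choice of the Wilson interval as the "confidence band" are all assumptions; the sample data is constructed.

```python
import math
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Episode:            # hypothetical schema built from the fields listed above
    repository: str       # state: where the scan ran
    file_path: str
    commit: str
    cve_id: str           # action: which signature fired
    pattern_id: str
    outcome: str          # true_positive | false_positive | fixed | open

def to_episode(finding: dict, repository: str, commit: str) -> Episode:
    """Map one raw finding plus repo/commit metadata to an episode."""
    return Episode(repository, finding["path"], commit, finding["cve"],
                   finding["pattern"], finding.get("outcome", "open"))

def confidence_bands(episodes, z=1.96):
    """Wilson score interval for each pattern's true-positive rate."""
    hits, total = Counter(), Counter()
    for ep in episodes:
        if ep.outcome == "open":          # not triaged yet, carries no signal
            continue
        total[ep.pattern_id] += 1
        # Assumption: a finding that led to a fix counts as a true positive.
        hits[ep.pattern_id] += ep.outcome in ("true_positive", "fixed")
    bands = {}
    for pid, n in total.items():
        p = hits[pid] / n
        denom = 1 + z * z / n
        centre = (p + z * z / (2 * n)) / denom
        half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
        bands[pid] = (max(0.0, centre - half), min(1.0, centre + half))
    return bands

def triage(bands, threshold=0.5):
    """keep: band above threshold; retire: band below; otherwise wait for data."""
    return {pid: "keep" if lo >= threshold else "retire" if hi < threshold
            else "needs_more_data" for pid, (lo, hi) in bands.items()}

def sample_episodes():
    """Constructed data: placeholder CVE ids, repo, commit and pattern ids."""
    spec = [("PAT-A", "true_positive", 9), ("PAT-A", "fixed", 1),
            ("PAT-B", "false_positive", 10), ("PAT-C", "true_positive", 1),
            ("PAT-C", "false_positive", 1), ("PAT-C", "open", 3)]
    return [to_episode({"path": f"src/f{i}.c", "cve": "CVE-XXXX-NNNN",
                        "pattern": pid, "outcome": out}, "example/repo", "0000000")
            for pid, out, count in spec for i in range(count)]

if __name__ == "__main__":
    print(triage(confidence_bands(sample_episodes())))
```

A pattern with only two triaged findings lands in needs_more_data even at a 50% hit rate, which is the point of using an interval instead of a raw ratio when updating rules and thresholds.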