Automated code review and vulnerability detection using graph neural networks: Enhancing DevSecOps Workflows

Mohamed Abdul Kadar *

Independent Researcher, USA.
Review
World Journal of Advanced Engineering Technology and Sciences, 2022, 05(01), 113-022.
Article DOI: 10.30574/wjaets.2022.5.1.0031
Publication history: Received on 28 December 2021; revised on 26 January 2022; accepted on 30 January 2022
Abstract: Modern software development practices increasingly emphasize security integration throughout the development lifecycle, particularly in DevSecOps workflows. This research proposes a novel approach to automated code review and vulnerability detection using Graph Neural Networks (GNNs), which represent code as structural graphs to capture semantic relationships between code elements. We developed a comprehensive framework that converts source code into graph representations, extracts semantic features, and trains GNN models to identify security vulnerabilities and code quality issues. Our model achieved 93.7% accuracy in vulnerability detection across multiple programming languages, outperforming traditional static analysis tools by 27% and conventional deep learning approaches by 18%. The system was integrated into CI/CD pipelines to provide real-time feedback during code commits, reducing security vulnerabilities by 76% and decreasing false positives by 41% compared to conventional methods. Our approach demonstrates significant improvements in detection accuracy, context-awareness, and reduction in manual review time, offering a promising direction for enhancing security in modern software development environments.
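The abstract describes three stages: converting source code into a graph, extracting features from the nodes, and running a GNN over that graph to flag vulnerable patterns. The following is an added illustration in Python and is not the paper's framework or code: it builds a small code graph from a Python function (AST parent-child edges plus def-use data-flow edges), propagates taint from parameters to call arguments over that graph, and performs one dependency-free mean-aggregation message-passing step of the kind a GNN layer computes. The sample function, the feature layout and all function names are this example's own assumptions.

```python
"""Added illustration, not the paper's framework: code graph construction,
taint propagation over the graph, and one GNN-style message-passing step."""
import ast

# Constructed sample input: a parameter flows through an assignment into a
# shell-style call, the structural pattern a detector would want to surface.
SAMPLE_SOURCE = '''
def run(user_input):
    cmd = "ls " + user_input
    import os
    os.system(cmd)
    return cmd
'''


def _callee_name(func):
    """Dotted name of a call target, e.g. 'os.system'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return f"{_callee_name(func.value)}.{func.attr}"
    return type(func).__name__


def build_code_graph(source):
    """Graph = node labels, typed edges ('ast' parent->child, 'dataflow'
    definition->use), plus the assignments and call sites taint tracking needs."""
    nodes, edges, assigns, calls, last_def = {}, [], [], [], {}

    def visit(node, parent_id=None):
        node_id = len(nodes)
        label = type(node).__name__
        if isinstance(node, ast.Name):
            label = f"Name:{node.id}"
        elif isinstance(node, ast.arg):
            label = f"arg:{node.arg}"
        elif isinstance(node, ast.Attribute):
            label = f"Attribute:{node.attr}"
        nodes[node_id] = label
        if parent_id is not None:
            edges.append((parent_id, node_id, "ast"))
        # Def-use edges: link each variable load to its most recent store.
        if isinstance(node, ast.arg):
            last_def[node.arg] = node_id
        elif isinstance(node, ast.Name):
            if isinstance(node.ctx, ast.Load) and node.id in last_def:
                edges.append((last_def[node.id], node_id, "dataflow"))
            elif isinstance(node.ctx, ast.Store):
                last_def[node.id] = node_id
        if isinstance(node, ast.Assign):
            # Right-hand side first, so its loads bind to earlier stores.
            value_id = visit(node.value, node_id)
            assigns.append((value_id, [visit(t, node_id) for t in node.targets]))
        elif isinstance(node, ast.Call):
            visit(node.func, node_id)
            arg_ids = [visit(a, node_id) for a in node.args + node.keywords]
            calls.append((node_id, _callee_name(node.func), arg_ids))
        else:
            for child in ast.iter_child_nodes(node):
                if not isinstance(child, ast.expr_context):  # Load/Store carry no info
                    visit(child, node_id)
        return node_id

    visit(ast.parse(source))
    return {"nodes": nodes, "edges": edges, "assigns": assigns, "calls": calls}


def _subtree(graph, root):
    """All nodes reachable from root along 'ast' edges, root included."""
    seen, stack = {root}, [root]
    while stack:
        n = stack.pop()
        for u, v, kind in graph["edges"]:
            if kind == "ast" and u == n and v not in seen:
                seen.add(v)
                stack.append(v)
    return seen


def tainted_nodes(graph):
    """Fixpoint: parameters are sources; taint follows def-use edges and moves
    from an assignment's right-hand side to its targets."""
    tainted = {i for i, lbl in graph["nodes"].items() if lbl.startswith("arg:")}
    changed = True
    while changed:
        changed = False
        for u, v, kind in graph["edges"]:
            if kind == "dataflow" and u in tainted and v not in tainted:
                tainted.add(v)
                changed = True
        for value_id, target_ids in graph["assigns"]:
            if _subtree(graph, value_id) & tainted:
                new = set(target_ids) - tainted
                tainted |= new
                changed = changed or bool(new)
    return tainted


def tainted_call_sites(graph):
    """Names of calls that receive a parameter-derived value as an argument."""
    tainted = tainted_nodes(graph)
    return [name for _, name, arg_ids in graph["calls"]
            if any(_subtree(graph, a) & tainted for a in arg_ids)]


def base_features(graph):
    """Per-node feature vector: [is_parameter, is_call, is_name, is_constant]."""
    return {i: [float(lbl.startswith("arg:")), float(lbl == "Call"),
                float(lbl.startswith("Name:")), float(lbl == "Constant")]
            for i, lbl in graph["nodes"].items()}


def message_passing_step(graph, h):
    """One GNN-style update without learned weights: h'[v] = h[v] + mean of the
    neighbours' features, treating every edge as undirected."""
    neighbours = {i: [] for i in graph["nodes"]}
    for u, v, _ in graph["edges"]:
        neighbours[u].append(v)
        neighbours[v].append(u)
    out = {}
    for v, vec in h.items():
        nb = neighbours[v]
        agg = [sum(h[n][k] for n in nb) / len(nb) if nb else 0.0 for k in range(len(vec))]
        out[v] = [a + b for a, b in zip(vec, agg)]
    return out


if __name__ == "__main__":
    g = build_code_graph(SAMPLE_SOURCE)
    print(len(g["nodes"]), "nodes,", len(g["edges"]), "edges")
    print("parameter-derived data reaches:", tainted_call_sites(g))
```

The taint fixpoint is the hand-written reasoning a trained GNN is meant to learn from labelled graphs: a parameter node, a def-use edge and a call node in close graph proximity. The message-passing step shows why the graph form matters, since after one round the Call node's vector already carries the fact that one of its neighbours is a variable reference, information a flat token sequence would not give a classifier for free.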
Keywords: Graph Neural Networks; Code Vulnerability Detection; DevSecOps; Static Analysis; Software Security; Deep Learning; Code Review Automation