Ability to determine that specific code is vulnerable, not only the entire open source library
Problem to solve
Reduce false positives by assessing vulnerabilities of open source third party code at the code level, not only at the library level.
Further details
Use source code flow analysis not only to determine that a version is vulnerable, but that the vulnerable part of the component is actually used by the project.
This feature is prominent in BlackDuck and would allow us to compete better head-to-head.
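To make the distinction concrete, here is an added illustration of the idea (example code written for this issue, not GitLab's or BlackDuck's implementation). It assumes a constructed advisory that names the vulnerable symbol inside a hypothetical package `libfoo`, a constructed lockfile view, and two constructed application sources; it builds a static call graph with Python's `ast` module and reports whether the flagged symbol is reachable from module-level code.

```python
import ast
from collections import deque

# Constructed advisory (not real data). A library-level scanner stops at
# "libfoo 1.2.0 is affected"; a code-level check also asks whether the
# project calls the symbol the advisory is about.
ADVISORY = {
    "package": "libfoo",
    "affected_version": "1.2.0",
    "vulnerable_symbols": {"libfoo.parse.load_untrusted"},
}
INSTALLED = {"libfoo": "1.2.0"}  # constructed lockfile view: package -> version

# Constructed application: imports the affected package, but main() only uses
# load_trusted; load_untrusted is referenced from a helper nothing calls.
APP_SOURCE = '''
import libfoo.parse as lp
from libfoo import util

def main():
    data = lp.load_trusted("config.json")
    return util.normalize(data)

def unused_helper(blob):
    return lp.load_untrusted(blob)

main()
'''

# Same program, except main() now calls the helper, so the vulnerable
# function is on a live path.
APP_SOURCE_REACHABLE = APP_SOURCE.replace(
    "return util.normalize(data)", "return util.normalize(unused_helper(data))")


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _import_aliases(tree):
    """Map local names bound by imports to the module path they refer to."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def build_call_graph(source):
    """Scope name -> {'local': callee functions, 'external': qualified symbols}."""
    tree = ast.parse(source)
    aliases = _import_aliases(tree)
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    scopes = {"<module>": [n for n in tree.body if not isinstance(n, ast.FunctionDef)]}
    scopes.update({name: [fn] for name, fn in funcs.items()})

    graph = {}
    for scope, nodes in scopes.items():
        edges = {"local": set(), "external": set()}
        for root in nodes:
            for node in ast.walk(root):
                if not isinstance(node, ast.Call):
                    continue
                target = _dotted(node.func)
                if target is None:
                    continue  # call on an expression result; not resolvable statically
                head, *rest = target.split(".")
                if head in funcs:
                    edges["local"].add(head)
                elif head in aliases:
                    edges["external"].add(".".join([aliases[head], *rest]))
        graph[scope] = edges
    return graph


def reachable_symbols(source, entry="<module>"):
    """External symbols reachable from module-level code via local function calls."""
    graph = build_call_graph(source)
    seen, queue, external = set(), deque([entry]), set()
    while queue:
        scope = queue.popleft()
        if scope in seen:
            continue
        seen.add(scope)
        edges = graph.get(scope, {"local": set(), "external": set()})
        external |= edges["external"]
        queue.extend(edges["local"])
    return external


def assess(source, installed, advisory):
    """Combine the library-level match with the code-level reachability check."""
    flagged = installed.get(advisory["package"]) == advisory["affected_version"]
    hit = reachable_symbols(source) & advisory["vulnerable_symbols"] if flagged else set()
    if not flagged:
        verdict = "not affected: version not in advisory range"
    elif hit:
        verdict = "vulnerable code reachable"
    else:
        verdict = "affected version pinned, vulnerable code not reachable (lower priority)"
    return {"library_flagged": flagged, "reachable_vulnerable": hit, "verdict": verdict}


if __name__ == "__main__":
    for label, src in (("dead helper", APP_SOURCE), ("live path", APP_SOURCE_REACHABLE)):
        print(label, "->", assess(src, INSTALLED, ADVISORY)["verdict"])
```

Both programs pin the same affected version, so a library-level scanner reports them identically; the call-graph pass separates the finding that is actually exploitable in this code base from the one that is only a pending upgrade. Real reachability analysis has to handle what this toy ignores: dynamic dispatch, re-exports inside the dependency, callbacks and calls made by the library on the project's behalf, so a "not reachable" result should lower priority rather than suppress the finding.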
Proposal
We would need to determine the method of assessment at the code level. Database additions...
What does success look like, and how can we measure that?
Competitive wins over BlackDuck