Samaritan identifies specific commits to a source code repository that are more likely to contain a security vulnerability. Our visualizations quickly highlight which code has been touched by these risky commits, helping you focus your vulnerability hunting.
Samaritan measures five human dimensions of software engineering that are associated with vulnerabilities:
- Unfocused contribution
- Prior Vulnerability
Each human dimension is measured using one or more metrics. The metrics that we use have been empirically shown to correlate with vulnerabilities in open source projects. We publicly share our metric implementations for transparency and to support future research.
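To make the idea concrete, here is an added example (not Samaritan's code, and not its published metric implementations) that scores a commit log with two illustrative metrics, one per dimension listed above. The metric definitions are assumptions chosen for the example: "unfocused contribution" is taken as the number of distinct top-level directories an author has touched up to that commit, and "prior vulnerability" as whether a file was previously modified by a commit whose message reads like a security fix. The commit log, author names and paths are constructed sample data.

```python
"""Toy commit-risk scoring in the spirit of the dimensions above.

ASSUMPTION: the two metric definitions here are illustrative only and are
not the metrics Samaritan implements. The commit log is constructed data.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Heuristic for "this commit fixed a vulnerability" (assumed, not Samaritan's).
SECURITY_FIX_RE = re.compile(
    r"\b(CVE-\d{4}-\d+|overflow|injection|security fix|use[- ]after[- ]free)\b",
    re.IGNORECASE,
)


@dataclass
class Commit:
    sha: str
    author: str
    message: str
    files: list  # repository-relative paths touched by the commit


def top_dir(path):
    """First path component, used as a coarse notion of 'area of the code'."""
    return path.split("/", 1)[0]


def is_security_fix(commit):
    return bool(SECURITY_FIX_RE.search(commit.message))


def unfocused_contribution(author, history):
    """Assumed metric: distinct top-level directories the author has touched."""
    dirs = {top_dir(p) for c in history if c.author == author for p in c.files}
    return len(dirs)


def prior_vulnerability(path, history):
    """Assumed metric: was this file changed earlier by a security-fix commit?"""
    return any(path in c.files and is_security_fix(c) for c in history)


def risky_commits(commits, spread_threshold=3):
    """Walk the log in order and score each commit against the history before it.

    Returns {sha: [reason, ...]} for commits that trip at least one metric.
    """
    flagged = {}
    for i, commit in enumerate(commits):
        history = commits[:i]
        reasons = []
        spread = unfocused_contribution(commit.author, history + [commit])
        if spread >= spread_threshold:
            reasons.append(f"unfocused contribution: {spread} top-level dirs")
        vuln_files = [p for p in commit.files if prior_vulnerability(p, history)]
        if vuln_files:
            reasons.append("prior vulnerability in " + ", ".join(vuln_files))
        if reasons:
            flagged[commit.sha] = reasons
    return flagged


def files_touched_by_risky(commits, flagged):
    """Invert the result: which files were touched by flagged commits (the
    information a per-file visualization would highlight)."""
    hits = defaultdict(list)
    for commit in commits:
        if commit.sha in flagged:
            for path in commit.files:
                hits[path].append(commit.sha)
    return dict(hits)


# Constructed sample log, oldest first (not real project data).
SAMPLE_LOG = [
    Commit("a1", "alice", "Add TLS config parser", ["net/tls.c", "net/tls.h"]),
    Commit("b2", "bob", "Fix CVE-2099-0001 heap overflow in image decoder", ["img/decode.c"]),
    Commit("c3", "alice", "Refactor logging", ["util/log.c"]),
    Commit("d4", "carol", "Typo in docs", ["docs/README.md"]),
    Commit("e5", "alice", "Tweak decoder buffer sizing", ["img/decode.c"]),
    Commit("f6", "bob", "Update build script", ["build/make.sh"]),
]

if __name__ == "__main__":
    flagged = risky_commits(SAMPLE_LOG)
    for sha, reasons in flagged.items():
        print(sha, "->", "; ".join(reasons))
    print("files touched by risky commits:", files_touched_by_risky(SAMPLE_LOG, flagged))
```

On the sample log only commit `e5` is flagged: by then alice has spread across three top-level directories, and `img/decode.c` was fixed for a security bug two commits earlier. The threshold and the keyword regex are tuning knobs, and any real use would replace both metrics with ones validated against a project's own vulnerability history, as the page says Samaritan's are.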