SAVANT: Vulnerability Detection in Application Dependencies through Semantic-Guided Reachability Analysis
The integration of open-source third-party library dependencies in Java development introduces significant security risks when these libraries contain known vulnerabilities. Existing Software Composition Analysis SCA tools struggle to effectively detect vulnerable API usage from these libraries d...