Pull-Request Vulnerability Screening

• Pull-request-time vulnerability screening is a pre-merge automated analysis that detects and contextualizes potential security vulnerabilities in code changes and dependency updates.
• It integrates static analysis, advanced machine learning, LLM-based inference, and registry-aware checks to enhance vulnerability detection with high precision.
• Empirical frameworks like VP, Bugdar, and CommitShield demonstrate improved detection recall and precision while minimizing reviewer workload.

Pull-request-time vulnerability screening defines a set of pre-merge automated analyses that systematically predict, detect, and contextualize potential security vulnerabilities in proposed code changes or dependency modifications. The screening process is engineered to operate as part of continuous integration (CI) or code review services (e.g., Gerrit, GitHub Actions), coupling static and semantic feature extraction, advanced machine learning or LLM-based inference, and registry-aware guardrails to block or triage risky code before it reaches mainline. Recent frameworks—most notably the Vulnerability Prevention (VP) system for the Android Open Source Project (Yim, 2024), Bugdar for GitHub (Naulty et al., 21 Mar 2025), registry-aware screening for dependency updates (Singla et al., 1 Jan 2026), and hybrid static/LLM approaches (CommitShield) (Wu et al., 7 Jan 2025)—demonstrate that early, context-rich screening dramatically increases the upstream catch rate of vulnerability-inducing changes with manageable reviewer overhead and high precision.

1. System Architectures for Pre-Submit Screening

Architectures for pull-request-time screening are characterized by modular pipeline designs integrating with popular code hosting and review platforms. For general source-code screening, the VP framework’s workflow is representative (Yim, 2024):

• Author uploads a patch set to the repository service.
• The code review system (e.g., Gerrit) triggers a security review bot.
• The bot extracts the patch diff, metadata, and baseline code context.
• A feature extractor computes a multi-faceted vector $x$ from dozens of engineered features.
• A classifier service computes a vulnerability score $s = f(x)$ and compares it to a preselected threshold $\tau$.
• If $s \geq \tau$, the system posts warnings or auto-assigns a security reviewer; otherwise, it passes through standard review.

Other frameworks adapt similar architectures for dependency manifest changes (registry-aware screening (Singla et al., 1 Jan 2026)) or machine learning–augmented analysis (Bugdar (Naulty et al., 21 Mar 2025), CommitShield (Wu et al., 7 Jan 2025)), as illustrated below:

Framework	Trigger	Feature Extraction	Decision Layer
VP (AOSP)	Patch upload/Ready	Diff, metadata, history, TM	RF/LogReg classifier
Bugdar (GitHub)	PR webhook	Chunked code diff + RAG context	LLM or LLM+RAG
Registry-aware	PR manifest change	Dependency tuples, vulnerability	Advisory DB + fixed version
CommitShield	Commit/PR upload	Patch context + static analysis	LLM (DeepSeek-V2.5)

System integration is designed to be asynchronous for scalability, with output directed to automated review comments and action gates in CI/CD workflows.

2. Feature Engineering and Data Sources

Screening frameworks employ richly structured features for vulnerability prediction. The VP system (Yim, 2024) uses a taxonomy of six feature groups:

• Human Profile (HP): Author/reviewer trust scores derived from account data.
• Change Complexity (CC): Quantitative diff metrics (lines added/deleted, patchset revision entropy).
• Review Pattern (RP): Social-context metrics of review timing and approval structure.
• Human History (HH): Aggregated historical scores per actor for vulnerabilities fixed (LNC) or introduced (ViC).
• Vulnerability History (VH): Temporal and spatial aggregation of per-file vulnerability signatures.
• Text Mining (TM): Tokenization and statistical mining of diff operator usage.

Registry-aware dependency screening (Singla et al., 1 Jan 2026) leverages package/version tuples from manifest diffs and consults time-indexed vulnerability advisory databases. Pattern-based approaches for the NPM ecosystem extract six lightweight indicators of runtime risks (Wattanakriengkrai et al., 2023):

• Script insertion, HTTP imports, fs/net calls, eval, and external require invocations, with risk scoring $R(p) = \sum_{i=1}^6 f_i(p)$.

Hybrid systems such as CommitShield (Wu et al., 7 Jan 2025) combine static code contexts (e.g., function nodes, call-graphs via Tree-sitter and Joern) and detailed commit message synthesis, fusing them into LLM prompts.

3. Classification and Decision Models

Random Forests are empirically validated as optimal for VP in code change vulnerability prediction, with each tree $h_t(x)$ voting a label and final score $s = \frac{1}{T}\sum_{t=1}^{T}h_t(x)$; a threshold $\tau$ is selected on the ROC curve to jointly optimize ViC recall ($\geq 75\%$), precision ($\geq 90\%$), and false positive rates ($\leq 2\%$) (Yim, 2024). Ablations confirm the robustness of core features VH+CC+RP.

LLM-based systems (Bugdar) integrate context-chunked diff+retrieved code/documentation and prompt fine-tuned models for binary/multi-class classification, vulnerability description, and remediation suggestion. Retrieval-augmented generation (RAG) further enhances accuracy, with embedding-based nearest neighbor selection to enrich context. CommitShield leverages Deep-Seek-V2.5, reasoning over static analysis results and natural language descriptions within structured multi-block prompts.

Dependency screening uses deterministic queries against advisory DBs, flagging known-vulnerable selections and auto-suggesting remedies, with merge blocking or override-forcing based on policy thresholds (Singla et al., 1 Jan 2026).

4. Training, Evaluation, and Empirical Performance

Dataset construction varies with task:

• VP: Commits/diffs labeled via backtracking from CVE-fixing changes using git blame; monthly rolling retrain/test splits for online deployment.
• Bugdar: Project-specific fine-tuning triples (diff, label, description); token-based chunking manages LLM input constraints (~8K tokens).
• Registry screening: Large-scale manifest change datasets with ground-truth advisory status at PR time (Singla et al., 1 Jan 2026).
• CommitShield: Benchmarks of C/C++ commits (CommitVulFix for fixes, V-SZZ for introductions).

Detection metrics are standard:

• $$P = \frac{TP}{TP+FP},\quad R = \frac{TP}{TP+FN},\quad F_{1} = 2 \frac{P\,R}{P+R},\quad FPR = \frac{FP}{FP+TN}$$

VP achieves ViC recall ≈79.7%, precision ≈98.2%, LNC recall ≈99.8%, mean FPR ≈1.7% in live Android usage (Yim, 2024). Bugdar yields F1 up to 0.49 (classification, gpt-4o, RAG), with 56.4 s/PR throughput and ≈30 LOC/s analysis speed (Naulty et al., 21 Mar 2025). Registry screeners report agents introduce vulnerabilities at 2.46% rate versus 1.64% for humans, with agents requiring major-version upgrades to fix in 36.8% of cases (Singla et al., 1 Jan 2026).

CommitShield shows precision of 0.81 (VFD), recall 0.96, F1 0.88; for VID, precision 0.74, recall 0.82, F1 0.78—substantially outperforming SZZ variants (Wu et al., 7 Jan 2025).

5. Practical Integration and Policy Guardrails

Implementation best practices include:

• Automated notification within PR threads or via bot-assigned security reviews e.g., "High-risk change detected."
• Registry-aware guardrails for dependency updates—blocking merges for high/critical vulnerabilities, explicit developer override for moderate, and patch suggestions for remediation (Singla et al., 1 Jan 2026).
• Lightweight CI pattern-checks (e.g., six indicators for NPM (Wattanakriengkrai et al., 2023)), integrated checklists requiring explanation/test links for unsafe features.
• Extensible frameworks for multi-project integration (per-repo models or global classifiers), adaptable to local risk/cost priorities (Yim, 2024).

Developer friction can be minimized via actionable, inline comments, one-click upgrade mechanisms, grouping of moderate-severity advisories, and override suppression labels (Singla et al., 1 Jan 2026).

Systems are designed for sub-minute latency per PR (5–10 commits batch), enabling real-time secure development cycles (Naulty et al., 21 Mar 2025, Wu et al., 7 Jan 2025).

6. Limitations and Future Research Directions

Pull-request-time vulnerability screening is limited to patterns observed in historical vulnerability-inducing changes—a gap for zero-day or novel bug types (Yim, 2024). Systems reliant on precise commit labeling (e.g., SZZ tracing heuristics) may miss non-local defects (Wu et al., 7 Jan 2025). LLM-based approaches suffer from false positives in generic or multi-language contexts and token-limit constraints for large monorepos (Naulty et al., 21 Mar 2025).

Proposed advances include:

• Enrichment of feature space via AST delta mining or pretrained code embeddings (Yim, 2024), deep learning models (e.g., GNNs over diff ASTs), and active learning via user feedback (Naulty et al., 21 Mar 2025).
• Hybrid static analysis and LLM output fusion to suppress false positives (Naulty et al., 21 Mar 2025, Wu et al., 7 Jan 2025).
• Broader language and ecosystem support, CI-driven dependency screening in package registries, and community-wide sharing of anonymized vulnerability histories for cold-start acceleration (Yim, 2024, Singla et al., 1 Jan 2026).
• Integration of screening flags as seeds for directed security testing (fuzzing, symbolic execution) for further downstream defect detection (Yim, 2024).

7. Ecosystem-Wide Perspectives and Research Questions

Comprehensive screening extends beyond central projects to the long tail of dependencies. Empirical results indicate that ≈19.5% of update-related PRs in NPM are unsafe, with substantial prevalence across both highly depended-upon and tail libraries (Wattanakriengkrai et al., 2023). The research agenda for ecosystem robustness proposes investigation into:

1. The impact and trade-offs of safer implementation alternatives across the ecosystem.
2. Socio-technical motives for acceptance of unsafe updates in both OSS and industry.
3. Differential practices in critical versus peripheral libraries.
4. Refactoring effort estimates for legacy unsafe code.
5. Evidence-based validation regimes for practitioner trust.
6. Roles for test suites, code reviews, and audits as validation of otherwise unsafe updates.

Screening workflows must balance detection coverage and developer workflow sustainability, combining lightweight pattern checks, vulnerability scan aggregation, and explicit justification pathways within the merge process (Wattanakriengkrai et al., 2023), ensuring high signal and actionable remediation prior to integration.

---

Pull-request-time vulnerability screening is now a proven practice for reducing the introduction of vulnerabilities in software mainlines, with empirically validated precision and scalable throughput. The convergence of static analysis, machine learning, LLM-based reasoning, and dependency registry knowledge forms the foundation for robust, project-aware pre-submit security assurance.