Enhancing Code Security with CodeSheriff: A Multi-Language Vulnerability Scanner | Research Square

Article

Enhancing Code Security with CodeSheriff: A Multi-Language Vulnerability Scanner

Aravind M, Kausal SD, Saranya G, Sajjad shaukat Jamal, Amer Aljaedi, and 1 more

This is a preprint; it has not been peer reviewed by a journal.
https://doi.org/10.21203/rs.3.rs-4757733/v1
This work is licensed under a CC BY 4.0 License.
Status: Posted. Version 1 posted. You are reading this latest preprint version.

Abstract

Securing code has become a significant challenge in software development due to cyber threats. Identifying vulnerabilities during development is crucial to reduce security risks. The solution, Codesheriff, is a Telegram bot that scans for vulnerabilities automatically. Codesheriff uses a fastText model trained on the Rosetta Code dataset to detect programming languages precisely and employs customized models for detecting vulnerabilities in C, C++, Python, Java, PHP, and JavaScript. Its performance is measured against tools like Veracode and Fortify using various metrics. Experiments show Codesheriff achieved precision rates of 93.6% for Python, 93.5% for C/C++, 94.5% for Java, 91.8% for PHP, and 92.4% for JavaScript, demonstrating its robustness and practicality in secure code development.

Subject areas: Physical sciences/Mathematics and computing/Computer science; Physical sciences/Mathematics and computing/Information technology; Physical sciences/Mathematics and computing/Software; Physical sciences/Mathematics and computing

Keywords: Vulnerability scanning, programming language identification, language-specific scanning, fastText model, Rosetta Code dataset, software security

Additional Declarations: No competing interests reported.