A Survey on Source Code Review Using Machine Learning

Source code review constrains software system security sufficiently. Scalability and precision are of importance for the deployment of code review tools. However, traditional tools can only detect some security flaws automatically with high false positive and false negative by tedious reviewing large-scale source code. Various flaws and vulnerabilities show specific characteristic in source code. Machine learning systems founded feature matrixes of source code as input, including variables, functions and files, generating ad-hoc label by distinguish or generation methodologies to review source code automatically and intelligently. Source code, whatever the programming language, is text information in nature. Both secure and vulnerable feature can be curved from source code. Fortunately, a variety of machine learning approaches have been developed to learn and detect flaws and vulnerabilities in intelligent source code security review. Combination of code semantic and syntactic feature contribute to the optimation of false positive and false negative during source code review. In this paper, we give the review of literature related to intelligent source code security review using machine learning methods. It illustrate the primary evidence of approaching ML in source code security review. We believe machine learning and its branches will become out-standing in source code review.