DETAILED ACTION
Authorization for Internet Communications
The examiner encourages Applicant to submit an authorization to communicate with the examiner via the Internet by making the following statement (from MPEP 502.03):
“Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.”
Please note that the above statement can only be submitted via Central Fax (not Examiner's Fax), Regular postal mail, or EFS Web using PTO/SB/439.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 2, 8 – 10, 15 and 20 are rejected under 25 U.S.C. 101 because the claimed invention is directed to judicial exception (an abstract idea) without significantly more. The following is Examiner’s analysis of the claimed invention.
the claimed invention is directed to non-statutory subject matter because the claim(s) as a whole, considering all claim elements both individually and in combination, do not amount to significantly more than an abstract idea. The claim 2 is directed to an abstract idea because the above claims are directed to managing an processing information related to software code changes and rebuild workflows, which constitutes managing information and automating a known software development process. More specifically, managing software rebuilds, modifying code in response to detected issues, and validating results are fundamental software development practice and amount to organizing and processing information using rules, which is a judicial exception falling within the category of abstract idea (Alice).
The additional element(s) or combination of elements in the claim(s) other than the abstract idea per se amount(s) to no more than the judicial exception because the additional elements i.e., “container” is simply used as a generic environment for storing and executing software, without reciting any particular improvement to container technology or any specific technical mechanism by which the container operates differently from conventional containers. Thus, the steps of receiving input, storing data, executing instructions, and validating results are performed using generic computer components. Thus, the claim as a whole does not amount to significantly more than the abstract idea itself. Accordingly, the above claims are ineligible.
Viewed as a whole, these additional claim element(s) do not provide meaningful limitation(s) to transform the abstract idea into a patent eligible application of the abstract idea such that the claim(s) amounts to significantly more than the abstract idea itself. Therefore, the claim(s) are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Claim 15 is product claims of the abstract method claim 2.
Claims 8 – 10 and 20 do not include elements that amount to significantly more than the abstract idea because all of the elements in those claims merely adds pre/post extra-solution activity to the abstract idea.
Claims 3 – 7, 11 – 14 and 16 - 19 include elements that amount to significantly more than the abstract idea.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 2, 6, 15 and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tannous et al., (US 2018/0137032 A1) (hereinafter “Tannous”).
Tannous discloses;
Regarding claim 2, a method for minimizing software rebuild time during continuous integration and continuous deployment pipeline management using container-based code samples [i.e., a block diagram 200 illustrating a manner in which the CI management system 108 operates to control a given build (page 3, para 0040), (see figure 2)], the method comprising:
receiving a first user input [i.e., provide a user interface for writing build instructions (page 3, para 0029)] for creating a first rebuild code set [i.e., at step 332, the controller 208 creates a build script 220 from the build descriptor (i.e., table B) received at step 316…converts the extracted build steps into an executable file i.e., shell script i.e., BASH script (page 9, para 0089 - 0090), (see figure 2) Note; the controller 208 creates the build script based on user providing the build instructions via the user interface] corresponding to a first code sample [i.e., source code 221 in the SCM repository 112 (page 8, para 0086), (see figures 1 and 2), (page 3, para 0029], wherein the first rebuild code set comprises one or more instructions for automatically rebuilding the first code sample following one or more modifications [i.e., the build process begins at step 302, wherein the CI management system 106 determines that a source code repository maintained by the SCM system 104 has been updated (page 4, para 0046), (see figure 2)];
storing, in a first container, the first rebuild code set and the first code sample [i.e., store the build descriptor along with the source code 221 in the shared memory 209 at step 324…store the build script 220 in the shared memory 209 in step 333 (page 9, para 0089 and 0097), (see figure 2) Note; the source code and the build script are stored in container accessible storage controller by the controller 208];
receiving a first modification request [i.e., receives source code update notification (page 4, para 0046)], wherein the first modification request modifies the first code sample in the first container to generate a first modified code sample [i.e., the CI management system 106 determines that the source code repository has been updated (page 4, para 0046), (see figure 2) i.e., the source code version being tested (page 5, para 0058)];
in response to receiving the first modification request, executing the first rebuild code set on the first modified code sample [i.e., the build process beings at step 302, wherein the CI management system 106 determines that a source code repository managed by the SCM system 104 has been updated (page 4, para 0046), (see figure 2) i.e., at step 338, the build container 224 retrieves the source code 221 and the build script 220…and executes the build script 22 on the source code 221 (page 9, para 0093), (see figure 2)]; and
after executing the first rebuild code set on the first modified code sample, validating the first container based on the first modified code sample [i.e., the build container 224 run multiple tests on the source code 221 based on the build script 220 (page 9, para 0094), (see figure 2) i.e., the build status as success/failure (page 9, para 0096)].
Regarding claim 6, the method of claim 2, wherein executing the first rebuild code set on the first modified code sample further comprises:
determining, based on the first rebuild code set, a first validation test for the first container, wherein the first validation test is performed on the first container prior to deployment [i.e., the build container 224 run multiple tests on the source code 221 based on the build script 220 (page 9, para 0094), (see figure 2) i.e., the build status as success/failure (page 9, para 0096)]; and
modifying a first code string in the first modified code sample based on the first validation test [i.e., the method steps 338 – 342 are repeated until the tests are completed and the build is complete (page 9, para 0094), (see figure 2)].
Regarding claim 15, one or more non-transitory, computer-readable media, comprising instructions that, when executed by one or more processors, cause operations comprising [i.e., one or more non-transitory computer readable data storage media stored with one or more sequences of instructions which when executed cause a computer to perform the followings (page 11, para 118), (see figure 3)]:
receiving a first user input [i.e., provide a user interface for writing build instructions (page 3, para 0029)] for creating a first rebuild code set [i.e., at step 332, the controller 208 creates a build script 220 from the build descriptor (i.e., table B) received at step 316…converts the extracted build steps into an executable file i.e., shell script i.e., BASH script (page 9, para 0089 - 0090), (see figure 2) Note; the controller 208 creates the build script based on user providing the build instructions via the user interface] corresponding to a first code sample [i.e., source code 221 in the SCM repository 112 (page 8, para 0086), (see figures 1 and 2), (page 3, para 0029], wherein the first rebuild code set comprises one or more instructions for automatically rebuilding the first code sample following one or more modifications [i.e., the build process begins at step 302, wherein the CI management system 106 determines that a source code repository maintained by the SCM system 104 has been updated (page 4, para 0046), (see figure 2)];
storing, in a first container, the first rebuild code set and the first code sample [i.e., store the build descriptor along with the source code 221 in the shared memory 209 at step 324…store the build script 220 in the shared memory 209 in step 333 (page 9, para 0089 and 0097), (see figure 2) Note; the source code and the build script are stored in container accessible storage controller by the controller 208];
receiving a first modification request [i.e., receives source code update notification (page 4, para 0046)], wherein the first modification request modifies the first code sample in the first container to generate a first modified code sample [i.e., the CI management system 106 determines that the source code repository has been updated (page 4, para 0046), (see figure 2) i.e., the source code version being tested (page 5, para 0058)];
in response to receiving the first modification request, executing the first rebuild code set on the first modified code sample [i.e., the build process beings at step 302, wherein the CI management system 106 determines that a source code repository managed by the SCM system 104 has been updated (page 4, para 0046), (see figure 2) i.e., at step 338, the build container 224 retrieves the source code 221 and the build script 220…and executes the build script 22 on the source code 221 (page 9, para 0093), (see figure 2)]; and
after executing the first rebuild code set on the first modified code sample, validating the first container based on the first modified code sample [i.e., the build container 224 run multiple tests on the source code 221 based on the build script 220 (page 9, para 0094), (see figure 2) i.e., the build status as success/failure (page 9, para 0096)].
Regarding claim 19, the one or more non-transitory, computer-readable media of claim 15, wherein executing the first rebuild code set on the first modified code sample further comprises:
determining, based on the first rebuild code set, a first validation test for the first container, wherein the first validation test is performed on the first container prior to deployment [i.e., the build container 224 run multiple tests on the source code 221 based on the build script 220 (page 9, para 0094), (see figure 2) i.e., the build status as success/failure (page 9, para 0096)]; and
modifying a first code string in the first modified code sample based on the first validation test [i.e., the method steps 338 – 342 are repeated until the tests are completed and the build is complete (page 9, para 0094), (see figure 2)].
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1 is rejected under 35 U.S.C. 103 as being unpatentable over Tannous in view of Hwang et al., (US 2021/0042217 A1) (hereinafter “Hwang”).
Regarding claim 1, Tannous discloses; a system [i.e., a computer system 350 (page 10, para 0109), (see figure 3)] for minimizing software rebuild time during continuous integration and continuous deployment pipeline management using container-based code samples [i.e., a block diagram 200 illustrating a manner in which the CI management system 108 operates to control a given build (page 3, para 0040), (see figure 2)], the system comprising:
one or more processors [i.e., the computer system comprises processor 354 (page 10, para 0109), (see figure 3)]: and
one or more non-transitory, computer-readable media comprising instructions that when executed by the one or more processors cause operations comprising [i.e., one or more non-transitory computer readable data storage media stored with one or more sequences of instructions which when executed cause a computer to perform the followings (page 11, para 118), (see figure 3)]:
receiving, via a first user interface, a first user input [i.e., provide a user interface for writing build instructions (page 3, para 0029)] for creating a first rebuild code set [i.e., at step 332, the controller 208 creates a build script 220 from the build descriptor (i.e., table B) received at step 316…converts the extracted build steps into an executable file i.e., shell script i.e., BASH script (page 9, para 0089 - 0090), (see figure 2) Note; the controller 208 creates the build script based on user providing the build instructions via the user interface] corresponding to a first code sample [i.e., source code 221 in the SCM repository 112 (page 8, para 0086), (see figures 1 and 2), (page 3, para 0029], wherein the first rebuild code set comprises one or more instructions for automatically rebuilding the first code sample following one or more modifications [i.e., the build process begins at step 302, wherein the CI management system 106 determines that a source code repository maintained by the SCM system 104 has been updated (page 4, para 0046), (see figure 2)], and wherein the first code sample corresponds to a first application [i.e., source code 221 in the SCM repository 112 (page 8, para 0086), (see figures 1 and 2), (page 3, para 0029];
storing, in a first container, the first rebuild code set and the first code sample [i.e., store the build descriptor along with the source code 221 in the shared memory 209 at step 324…store the build script 220 in the shared memory 209 in step 333 (page 9, para 0089 and 0097), (see figure 2) Note; the source code and the build script are stored in container accessible storage controller by the controller 208];
storing the first container in a sample codebase, wherein the sample codebase comprises a plurality of containers, and where each of the plurality of containers comprises a respective rebuild code set and a respective code sample [i.e., container groups/pods with multiple containers (page 3, para 0042), (page 10, para 0100 - 0104)];
in response to receiving the second user input, executing the first rebuild code set on the first modified code sample [i.e., the build process beings at step 302, wherein the CI management system 106 determines that a source code repository managed by the SCM system 104 has been updated (page 4, para 0046), (see figure 2) i.e., at step 338, the build container 224 retrieves the source code 221 and the build script 220…and executes the build script 22 on the source code 221 (page 9, para 0093), (see figure 2)];
after executing the first rebuild code set on the first modified code sample, validating the first container based on the first modified code sample [i.e., the build container 224 run multiple tests on the source code 221 based on the build script 220 (page 9, para 0094), (see figure 2) i.e., the build status as success/failure (page 9, para 0096)]; and
generating for display, on a third user interface, a first validation confirmation for the first container [i.e., feedback system displays results (page 3, para 0038), (page 9, para 0095 - 0096)].
Tannous does not disclose;
receiving, via a second user interface, a second user input, wherein the second user input modifies the first code sample in the first container to generate a first modified code sample, wherein the first modified code sample addresses a first vulnerability detected in the first code sample
However, Hwang discloses;
receiving, via a second user interface, a second user input, wherein the second user input modifies the first code sample in the first container to generate a first modified code sample, wherein the first modified code sample addresses a first vulnerability detected in the first code sample [i.e., modifies code to remediate vulnerabilities (para 0005) and (para 0033 – 0036)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Hwang for integrating vulnerability detection and testing within a continuous integration and continuous deployment (CI/CD) pipeline (See Hwang; page 1, para 0004).
Claim(s) 3 – 5, 7 – 14, 16 – 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Tannous in view of Sheridan et al., (US 2019/0311133 A1) (hereinafter “Sheridan”).
Regarding claim 3, Tannous discloses; the method of claim 2, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 2 above)].
Tannous does not disclose;
determining, based on the first rebuild code set, an output requirement of the first container; and modifying a first code string in the first modified code sample based on the output requirement.
However, Sheridan discloses;
determining, based on the first rebuild code set, an output requirement of the first container [i.e., defining expected security and functional outcomes for remediated code, including whether vulnerabilities are eliminated without breaking intended behavior (para 0043 – 0047)]; and
modifying a first code string in the first modified code sample based on the output requirement [i.e., automatically generated patches modify source code statements to satisfy the defined remediation objectives (patch rules applied to code segments) (para 0051 – 0056), (see figure 2)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 4, Tannous discloses; the method of claim 2, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 2 above)].
Tannous does not disclose;
determining, based on the first rebuild code set, a dependency of the first container on a second code sample, wherein the second code sample is in a second container; and modifying a first code string in the first modified code sample based on the dependency.
However, Sheridan discloses;
determining, based on the first rebuild code set, a dependency of the first container on a second code sample, wherein the second code sample is in a second container [i.e., analyzes inter-procedural and inter-file dependencies when determining where to apply patches, including dependencies between modules and libraries (para 0036 – 0040)]; and
modifying a first code string in the first modified code sample based on the dependency [i.e., patch generation considered dependent code regions to ensure fixes do not break related components (para 0052 – 0057)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 5, Tannous discloses; the method of claim 2, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 2 above).
Tannous does not disclose;
determining, based on the first rebuild code set, a data source of the first container, wherein the data source comprises a second container; and modifying a first code string in the first modified code sample based on the data source.
However, Sheridan discloses;
determining, based on the first rebuild code set, a data source of the first container, wherein the data source comprises a second container [i.e., vulnerability detection relies on external security scanners, vulnerability databases, and static analysis tools as data sources (para 00027 – 0031)]; and
modifying a first code string in the first modified code sample based on the data source [i.e., the remediation engine applies fixes based on vulnerability metadata received from these sources (para 0048 – 0054), (see figure 1)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 7, Tannous discloses; the method of claim 2, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 2 above)].
Tannous does not disclose;
determining, based on the first rebuild code set, an error notification triggered in response to failure of the first container to be rebuilt; and modifying a first code string in the first modified code sample based on the error notification.
However, Sheridan discloses;
determining, based on the first rebuild code set, an error notification triggered in response to failure of the first container to be rebuilt [i.e., the workflow includes failure states, alerts, and notifications when remediation or validation fails (para 0067 – 0070)]; and
modifying a first code string in the first modified code sample based on the error notification [i.e., modifying code based on error notification failure triggers additional remediation cycles or alternative patch selection (para 0071 – 0074)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 8, Tannous discloses; the method of claim 2, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 8 above)].
Tannous does not disclose;
determining, based on the first rebuild code set, an application comprising the first container;
determining a validation test for the application, wherein the validation test is performed on the application prior to deployment; and modifying a first code string in the first modified code sample based on the validation test.
However, Sheridan discloses;
determining, based on the first rebuild code set, an application comprising the first container [i.e., applications as collections of source artifacts subject to remediation (para 0020 – 0024)]; and
determining a validation test for the application, wherein the validation test is performed on the application prior to deployment [i.e., validation includes application-wide regression and security testing (para 0060 – 0065), (see figure 3)]; and modifying a first code string in the first modified code sample based on the validation test [i.e., failed application validation triggers further patching (para 0066 – 0074)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 9, Tannous discloses; the method of claim 2, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 2 above)].
Tannous does not disclose;
inputting the first rebuild code set into an artificial intelligence model, wherein the artificial intelligence model is trained on historic rebuild code sets and modified code samples; and receiving an output from the artificial intelligence model, wherein the output comprises a modification to the first code sample and corresponds to the first modified code sample.
However, Sheridan discloses;
inputting the first rebuild code set into an artificial intelligence model [i.e., the remediation engine uses historical patch rules and prior fixes as inputs to guide remediation selection (para 0049 – 0053)], wherein the artificial intelligence model is trained on historic rebuild code sets and modified code samples [i.e., patch rules are derived from previously successful remediation patterns, effectively training the system over time (para 0050 – 0056)]; and
receiving an output from the artificial intelligence model, wherein the output comprises a modification to the first code sample and corresponds to the first modified code sample [i.e., outputs a modified version of the source code implementing the fix (para 0056 – 0059), (see figure 2)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 10, Tannous discloses; the method of claim 2, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 2 above)].
Tannous does not disclose;
determining, based on the first rebuild code set, an enforcement action for performing on an application comprising the first container in response to a validation failure of the first container; and modifying a first code string in the first modified code sample based on the enforcement action.
However, Sheridan discloses;
determining, based on the first rebuild code set, an enforcement action for performing on an application comprising the first container in response to a validation failure of the first container [i.e., block deployment, flag code for review, or require manual approval upon failure (para 0075 – 0079)]; and
modifying a first code string in the first modified code sample based on the enforcement action [ i.e., enforcement trigger additional automated remediation attempts (para 0076 – 0080)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 11, Tannous discloses; the method of claim 2, wherein storing, in the first container, the first rebuild code set [i.e., (see claim 2 above)].
Tannous does not disclose;
storing a container base image, a dependency library, and a compilation instruction.
However, Sheridan discloses;
storing a container base image, a dependency library, and a compilation instruction [i.e., stores build artifacts, dependency metadata, and code context required to apply patches and rebuild software (para 0032 – 0038)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 12, Tannous discloses; the method of claim 2, wherein receiving the first modification request [i.e., (see claim 2 above)].
Tannous does not disclose;
detecting a first security vulnerability in the first code sample; and determining a modification to the first code sample to address the first security vulnerability.
However, Sheridan discloses;
detecting a first security vulnerability in the first code sample [i.e., automated security testing and vulnerability detection (para 0010 – 0015), (see figure 1)]; and
determining a modification to the first code sample to address the first security vulnerability [i.e., automated selection and generation of remediation patches (para 0045 – 0055)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 13, Tannous discloses; the method of claim 2, wherein validating the first container based on the first modified code sample [i.e., (see claim 2 above)].
Tannous does not disclose;
performing a first validation test on the first container in a container-specific environment; and performing a second validation test on an application comprising the first container in an application-specific environment.
However, Sheridan discloses;
performing a first validation test on the first container in a container-specific environment [i.e., component-level validation of remediated artifacts (para 0058 – 0062)]; and
performing a second validation test on an application comprising the first container in an application-specific environment [i.e., full system verification after remediation (para 0060 – 0066), (see figure 3)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 14, Tannous discloses; the method of claim 2, wherein validating the first container based on the first modified code sample [i.e., (see claim 2 above)].
Tannous does not disclose;
retrieving a first test script for an application comprising the first container; and processing the first test script in the application.
However, Sheridan discloses;
retrieving a first test script for an application comprising the first container []; and
processing the first test script in the application [ i.e., enforcement trigger additional automated remediation attempts (para 0076 – 0080)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 16, Tannous discloses; the one or more non-transitory, computer-readable media of claim 15, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 15 above)].
Tannous does not disclose;
determining, based on the first rebuild code set, an output requirement of the first container; and modifying a first code string in the first modified code sample based on the output requirement.
However, Sheridan discloses;
determining, based on the first rebuild code set, an output requirement of the first container [i.e., defining expected security and functional outcomes for remediated code, including whether vulnerabilities are eliminated without breaking intended behavior (para 0043 – 0047)]; and
modifying a first code string in the first modified code sample based on the output requirement [i.e., automatically generated patches modify source code statements to satisfy the defined remediation objectives (patch rules applied to code segments) (para 0051 – 0056), (see figure 2)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 17, Tannous discloses; the one or more non-transitory, computer-readable media of claim 15, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 15 above)].
Tannous does not disclose;
determining, based on the first rebuild code set, a dependency of the first container on a second code sample, wherein the second code sample is in a second container; and modifying a first code string in the first modified code sample based on the dependency.
However, Sheridan discloses;
determining, based on the first rebuild code set, a dependency of the first container on a second code sample, wherein the second code sample is in a second container [i.e., analyzes inter-procedural and inter-file dependencies when determining where to apply patches, including dependencies between modules and libraries (para 0036 – 0040)]; and
modifying a first code string in the first modified code sample based on the dependency [i.e., patch generation considered dependent code regions to ensure fixes do not break related components (para 0052 – 0057)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 18, Tannous discloses; the one or more non-transitory, computer-readable media of claim 15, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 15 above)].
Tannous does not disclose;
determining, based on the first rebuild code set, a data source of the first container, wherein the data source comprises a second container; and modifying a first code string in the first modified code sample based on the data source.
However, Sheridan discloses;
determining, based on the first rebuild code set, a data source of the first container, wherein the data source comprises a second container [i.e., vulnerability detection relies on external security scanners, vulnerability databases, and static analysis tools as data sources (para 00027 – 0031)]; and
modifying a first code string in the first modified code sample based on the data source [i.e., the remediation engine applies fixes based on vulnerability metadata received from these sources (para 0048 – 0054), (see figure 1)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Regarding claim 20, Tannous discloses; the one or more non-transitory, computer-readable media of claim 15, wherein executing the first rebuild code set on the first modified code sample [i.e., (see claim 15 above)].
Tannous does not disclose;
inputting the first rebuild code set and the first modified code sample into an artificial intelligence model, wherein the artificial intelligence model is trained on historic rebuild code sets and modified code samples; and receiving an output from the artificial intelligence model, wherein the output comprises a modification to the first code sample.
However, Sheridan discloses;
inputting the first rebuild code set and the first modified code sample into an artificial intelligence model, wherein the artificial intelligence model is trained on historic rebuild code sets and modified code samples [i.e., the remediation engine uses historical patch rules and prior fixes as inputs to guide remediation selection (para 0049 – 0053)], wherein the artificial intelligence model is trained on historic rebuild code sets and modified code samples [i.e., patch rules are derived from previously successful remediation patterns, effectively training the system over time (para 0050 – 0056)]; and
receiving an output from the artificial intelligence model, wherein the output comprises a modification to the first code sample and corresponds to the first modified code sample [i.e., outputs a modified version of the source code implementing the fix (para 0056 – 0059), (see figure 2)].
Before the effective filing date of the claimed invention it would have been obvious to a person of ordinary skill in the art to modify the teachings of Tannous by adapting the teachings of Sheridan to prevent degraded experience for users (See Sheridan; page 1, para 0003).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A RONI whose telephone number is (571)270-7806. The examiner can normally be reached M-F 9:00-5:00 pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SYED A RONI/Primary Examiner, Art Unit 2432