Graph Neural Networks (GNN) for Code Dependency Vulnerability Detection

Authors

  • Yogeswara Reddy Avuthu, Software Developer, USA

DOI:

https://doi.org/10.47363/JAICC/2023(2)E192

Keywords:

Graph Neural Networks, Code Dependency Graphs, Vulnerability Detection

Abstract

Modern software development relies heavily on third-party libraries and external dependencies, leading to increasingly complex dependency graphs. Managing these dependencies is challenging, as vulnerabilities often arise from indirect or transitive dependencies that are difficult to detect using traditional security tools. Graph Neural Networks (GNNs) offer a novel approach to vulnerability detection by leveraging graph structures to model code dependencies. This paper proposes a GNN-based framework for identifying vulnerabilities within code dependency graphs in DevOps environments. The framework models libraries, modules, and their relationships as graph nodes and edges, enabling the aggregation of dependency information across the entire software stack. Experimental results demonstrate that GNNs outperform traditional static analysis tools in detecting hidden and transitive vulnerabilities. Additionally, the paper discusses challenges such as scalability, interpretability, and data quality in applying GNNs to real-world codebases. The results suggest that GNNs offer a promising solution to enhance software security by proactively identifying vulnerabilities in complex dependency networks.

Author Biography

  • Yogeswara Reddy Avuthu, Software Developer, USA


Published

2023-02-17

How to Cite

Graph Neural Networks (GNN) for Code Dependency Vulnerability Detection. (2023). Journal of Artificial Intelligence & Cloud Computing, 2(1), 1-7. https://doi.org/10.47363/JAICC/2023(2)E192
