Methods, systems, and computer-readable media for automated code generation using analysis of design diagrams are disclosed. A diagram-to-code system determines one or more security properties of a plurality of components associated with a software product. Relationships between the components are indicated in a software design diagram. At least some of the security properties are determined using input to a user interface. The diagram-to-code system generates one or more secure code packages based (at least in part) on the software design diagram and the one or more security properties. The secure code package(s) implement one or more security controls associated with the software product. The secure code package(s) are provided to a developer. The secure code package(s) and additional program code from the developer are compiled into a compiled software product. Execution of the compiled software product mitigates security vulnerabilities using the one or more security controls.

A conversion apparatus improves utilization of definition information for system migration by including: a first conversion unit converting definition information about first rules for generating first data showing information about an operation of a migration source first system in a form depending on an implementation technique of the first system based on materials of the first system, according to a combination of first environment information showing an environment that the first system depends on and second environment information showing an environment that a migration destination second system depends on; a second conversion unit converting definition information about second rules for generating second data showing the information about the operation in a form not depending on a particular implementation technique based on the first data, according to the combination of the first environment information and the second environment information; and a third conversion unit converting definition information about third rules for generating third data showing the information about the operation in a form depending on an implementation technique of the second system based on the second data and the first data, according to the combination of the first environment information and the second environment information.

An approach is disclosed that receives a code segment from a source code file. The received code segment is inputted to a trained knowledge manager from which one or more comparable code segments are received. Each of the comparable code segments are identified as having similar functionality as the selected code segment and each of the comparable code segments has a set of metadata. The metadata is used to select one of the comparable code segments and this selected code segment is used to replace the original code segment in the source code file.

When any one or a combination of a ticket, a source code change history, and a source code is input, a source code analysis apparatus generates information of a factor pattern from the information, and a factor metrics calculation unit calculates factor metrics regarding the factor pattern as measured information regarding the factor pattern. In addition, the QCD measurement value is acquired from the information, the QCD index is calculated based on the QCD measurement value, and the correlation calculation unit calculates a correlation coefficient for a pair of the factor metrics and the QCD index, stores the correlation coefficient in the correlation list, calculates a score for the pair of the factor pattern and the QCD measurement value, and generates the important factor pattern information table in which the score is assigned to the pair of the factor pattern and the QCD measurement value.

When any one or a combination of a ticket, a source code change history, and a source code is input, a source code analysis apparatus generates information of a factor pattern from the information, and a factor metrics calculation unit calculates factor metrics regarding the factor pattern as measured information regarding the factor pattern. In addition, the QCD measurement value is acquired from the information, the QCD index is calculated based on the QCD measurement value, and the correlation calculation unit calculates a correlation coefficient for a pair of the factor metrics and the QCD index, stores the correlation coefficient in the correlation list, calculates a score for the pair of the factor pattern and the QCD measurement value, and generates the important factor pattern information table in which the score is assigned to the pair of the factor pattern and the QCD measurement value.

Techniques are provided for mapping natural language to code segments. In one embodiment, the techniques involve receiving a document and software code, wherein the document comprises a natural language description of a use of the code, generating, via a vectorization process performed on the document, at least one vector or word embedding, generating, via a natural language processing technique performed on the at least one vector or word embedding, a first label set, generating, via a machine learning analysis of the software code, a second label set, determining, based on a comparison of the first label set and the second label set, a match confidence between the document and the software code, wherein the match confidence indicates a measure of similarity between the first label set and the second label set, and upon determining that the match confidence exceeds a predefined threshold, mapping the document to the software code.

Techniques are provided for mapping natural language to code segments. In one embodiment, the techniques involve receiving a document and software code, wherein the document comprises a natural language description of a use of the code, generating, via a vectorization process performed on the document, at least one vector or word embedding, generating, via a natural language processing technique performed on the at least one vector or word embedding, a first label set, generating, via a machine learning analysis of the software code, a second label set, determining, based on a comparison of the first label set and the second label set, a match confidence between the document and the software code, wherein the match confidence indicates a measure of similarity between the first label set and the second label set, and upon determining that the match confidence exceeds a predefined threshold, mapping the document to the software code.

Some embodiments provide a method for identifying runtime complexity of a policy. The method receives, through a user interface (UI), a set of code defining a particular policy. For each variable in the particular policy, the method identifies a first occurrence of the variable in the particular policy to determine a number of values assigned to the variable. Variables determined to be assigned one value are separated from variables determined to be assigned more than one value. Based on the determinations for each variable, the method calculates a set of metrics that include at least time complexity, size complexity, and count complexity for the particular policy. The method then displays, through the UI, the calculated set of metrics along with a set of one or more suggestions for optimizing the particular policy based on the calculated set of metrics.

Some embodiments provide a method for identifying runtime complexity of a policy. The method receives, through a user interface (UI), a set of code defining a particular policy. For each variable in the particular policy, the method identifies a first occurrence of the variable in the particular policy to determine a number of values assigned to the variable. Variables determined to be assigned one value are separated from variables determined to be assigned more than one value. Based on the determinations for each variable, the method calculates a set of metrics that include at least time complexity, size complexity, and count complexity for the particular policy. The method then displays, through the UI, the calculated set of metrics along with a set of one or more suggestions for optimizing the particular policy based on the calculated set of metrics.

A system, product and process for building a package dependencies data structure. The method comprises determining a package instance identifier of the package to be processed. The package instance identifier is determined based on a unique identifier of the package to be processed and based on a unique identifier of a dependency sub-tree of the package to be processed in the package instance identifier. The package instance identifier is utilized to determine if a node representing the package to be processed exists or not. In case the node does not exist already in the data structure, the node is created and added.