US Patent 11681810 Traversing software components and dependencies for vulnerability analysis

Systems, devices, computer-implemented methods, and/or computer program products that facilitate software vulnerability analysis using relationship data extracted from disparate package-related sources. In one example, a system can comprise a processor that executes computer executable components stored in memory. The computer executable components can comprise a knowledge induction component and a vulnerability component. The knowledge induction component can populate a package ontology for a range of packages with relationship data extracted from a plurality of disparate package-related sources. The vulnerability component can identify an implicit vulnerability impacting the range of packages using the package ontology and a vulnerability record regarding an explicit vulnerability for a package within the range of packages.