{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T20:43:27Z","timestamp":1776804207403,"version":"3.51.2"},"reference-count":75,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T00:00:00Z","timestamp":1775001600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T00:00:00Z","timestamp":1775001600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T00:00:00Z","timestamp":1775001600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["62472126"],"award-info":[{"award-number":["62472126"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Shenzhen-Hong Kong Jointly Funded Project","award":["SGDX20230116 091246007"],"award-info":[{"award-number":["SGDX20230116 091246007"]}]},{"name":"CCF-Huawei Populus Grove Fund"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2026,4]]},"DOI":"10.1109\/tse.2026.3662145","type":"journal-article","created":{"date-parts":[[2026,2,23]],"date-time":"2026-02-23T20:47:41Z","timestamp":1771879661000},"page":"1315-1331","source":"Crossref","is-referenced-by-count":0,"title":["From Function to Repository: Towards Repository-Level Evaluation of Software Vulnerability Detection"],"prefix":"10.1109","volume":"52","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2115-9921","authenticated-orcid":false,"given":"Xin-Cheng","family":"Wen","sequence":"first","affiliation":[{"name":"Harbin Institute of Technology, Shenzhen, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-8915-6392","authenticated-orcid":false,"given":"Xinchen","family":"Wang","sequence":"additional","affiliation":[{"name":"Harbin Institute of Technology, Shenzhen, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2901-0643","authenticated-orcid":false,"given":"Yujia","family":"Chen","sequence":"additional","affiliation":[{"name":"Harbin Institute of Technology, Shenzhen, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9221-2788","authenticated-orcid":false,"given":"Ruida","family":"Hu","sequence":"additional","affiliation":[{"name":"Harbin Institute of Technology, Shenzhen, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4367-7201","authenticated-orcid":false,"given":"David","family":"Lo","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8513-6836","authenticated-orcid":false,"given":"Cuiyun","family":"Gao","sequence":"additional","affiliation":[{"name":"Harbin Institute of Technology, Shenzhen, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Tree-sitter","year":"2023"},{"key":"ref2","article-title":"CWE-20: Improper input validation","year":"2026"},{"key":"ref3","article-title":"Rough audit tool for security","year":"2025"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106576"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510219"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3087402"},{"key":"ref7","article-title":"ChatGPT","year":"2022"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607242"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3192419"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3436877"},{"key":"ref11","article-title":"Cppcheck","year":"2026"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00022"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/msr.2019.00017"},{"key":"ref14","article-title":"DeepSeek-V3.2-Exp.","year":"2025"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/52.976940"},{"key":"ref16","article-title":"Infer","year":"2026"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387501"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3528452"},{"key":"ref20","doi-asserted-by":"crossref","DOI":"10.1109\/APSEC60848.2023.00085","article-title":"ChatGPT for vulnerability detection, classification, and repair: How far are we?","volume-title":"CoRR","author":"Fu","year":"2023"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2020.11.053"},{"key":"ref22","article-title":"GPT-4o","year":"2025"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2022.acl-long.499"},{"key":"ref24","article-title":"GraphCodeBERT: Pre-training code representations with data flow","volume-title":"Proc. 9th Int. Conf. Learn. Represent. (ICLR), Virtual Event, Austria","author":"Guo","year":"2021"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3695988"},{"key":"ref26","article-title":"HuggingFace","year":"2023"},{"key":"ref27","article-title":"Checkmarx","year":"2026"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3600006.3613165"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2017.42"},{"key":"ref30","first-page":"1","article-title":"StarCoder: May the source be with you!","author":"Li","year":"2023","journal-title":"CoRR"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417923"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3276511"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3381915"},{"key":"ref34","article-title":"Gated graph sequence neural networks","volume-title":"Proc. 4th Int. Conf. Learn. Represent. (ICLR)","author":"Li","year":"2016"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468597"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639218"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23158"},{"key":"ref39","article-title":"RepoBench: Benchmarking repository-level code auto-completion systems","volume-title":"Proc. 12th Int. Conf. Learn. Represent. (ICLR), Vienna, Austria","author":"Liu","year":"2024"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639142"},{"key":"ref41","article-title":"The history of clop ransomware","year":"2026"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3473122"},{"key":"ref43","article-title":"SARD: Software assurance reference dataset","year":"2022"},{"key":"ref44","article-title":"GPT-4 technical report","year":"2023","journal-title":"CoRR"},{"key":"ref45","first-page":"1","article-title":"RepoGraph: Enhancing AI software engineering with repository-level code graph","author":"Ouyang","year":"2024","journal-title":"CoRR"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00031"},{"key":"ref47","article-title":"GNU Cflow","year":"2005"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3276517"},{"key":"ref49","article-title":"Qwen3-Coder-30B-A3B-Instruct","year":"2025"},{"key":"ref50","article-title":"Semgrep","year":"2021"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1561\/1500000019"},{"key":"ref52","first-page":"1","article-title":"Code llama: Open foundation models for code","author":"Rozi\u00e8re","year":"2023","journal-title":"CoRR"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"ref54","article-title":"Number of common IT security vulnerabilities and exposures (CVEs) worldwide from 2009 to 2024 YTD","year":"2024"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417058"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2007.70712"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.5040\/9781501365072.09396"},{"key":"ref58","first-page":"1","article-title":"Llama 2: Open foundation and fine-tuned chat models","author":"Touvron","year":"2023","journal-title":"CoRR"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/2682862.2682863"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00199"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179479"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3639478.3647634"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/ICAIT.2018.8686548"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.emnlp-main.685"},{"key":"ref65","first-page":"1","article-title":"Game rewards vulnerabilities: Software vulnerability detection with zero-sum game and prototype learning","author":"Wen","year":"2024","journal-title":"CoRR"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ASE56229.2023.00144"},{"key":"ref67","article-title":"Flawfinder","author":"Wheeler","year":"2026"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/CompComm.2017.8322752"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510229"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2015.02.024"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3286586"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/3580305.3599790"},{"key":"ref73","first-page":"1","article-title":"Comparison of static application security testing tools and large language models for repo-level vulnerability detection","author":"Zhou","year":"2024","journal-title":"CoRR"},{"key":"ref74","first-page":"10197","article-title":"Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks","author":"Zhou","year":"2019","journal-title":"Adv. Neural Inf. Process. Syst. 32: Annu. Conf. Neural Inf. Process. Syst"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2019.2942930"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/32\/11488173\/11408110.pdf?arnumber=11408110","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T19:49:11Z","timestamp":1776800951000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11408110\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4]]},"references-count":75,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tse.2026.3662145","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4]]}}}