DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
	This office action responds to the amendments filed on November 18, 2021 for application 16/839,541.  Claims 1-2, 4-6, 9-10, 14-15, and 17-20 were amended, and claims 1-20 remain pending in the application.
Response to Arguments
	The Examiner has fully considered the Applicant’s arguments filed on November 18, 2021, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 8 of the Remarks that concerns the objections to drawings, the amendment to the specification that provides the missing reference numbers cures the deficiency and the corresponding objections are withdrawn.
	Regarding the Applicant’s response at page 9 of the Remarks that concerns the § 101 rejection of claims 17-20, the amendments to the claims adequately address the issue of claiming non-statutory subject matter, and the § 101 rejection is withdrawn.
Regarding the Applicant’s response at page 9 of the Remarks that concerns the § 112(b) rejection of claims 4 and 14, the amendments to the claims adequately addresses the issue and the § 112(b) rejection is withdrawn.
Regarding the Applicant’s response at pages 9-12 of the Remarks that concerns the § 103 rejection of claim 1, the Applicant’s arguments in conjunction with the claim 
Regarding the Applicant’s response at pages 12-13 of the Remarks that concerns the § 103 rejection of independent claims 9 and 17 and dependent claims 2-8, 10-16, and 18-20, the argument for patentability rests upon the allowance of claim 1.  Because claim 1 is not patentable over the prior art as detailed below, the aforementioned claims are similarly not allowable.
Regarding the Applicant’s response at page 13 of the Remarks that concerns the § 103 rejection of claim 2, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to claim 2 because the arguments do not apply to one of the references currently used in the rejection of the aforementioned claims as detailed below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Sharma et al. (US 2016/0180096, “Sharma”) in view of Hortala et al. (US 2020/0073783, “Hortala”) and Devane (US 2020/0210572, “Devane”), and further in view of Archer et al. (US 2014/0208431, “Archer”).
Regarding Claim 1
Sharma discloses
A system for code security scanning with minimal user interface (Fig. 5, ¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that, as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities,” noting minimal user interface is afforded not patentable weight since it occurs in the preamble and merely states an objective, and not a structural limitation, of the claimed scanning system.  See MPEP § 2111.02(I) – Preamble Statements Limiting Structure), the system comprising: 
a memory (Fig. 2, ¶¶ [0029], “memory 206”); 
at least one processor (Fig. 2, ¶¶ [0027]-[0028], “processor unit 204”) communicatively coupled to the memory (Fig. 2, ¶ [0020], via “communications fabric 202”); 
a user interface device…1 (¶ [00031], “input/output unit 212”) associated with selected source code…2 (¶¶ [0078]-[0079], i.e., the “development team 500” select[s] the source code to be scanned within an “abstract program representation (APR).”);
3 …; 
a scan initiation component (¶¶ [0080]-[0082], i.e., the  “The generator tool [514 that acts as a scan initiation component], as will be described below, is the mechanism that automatically generates abstract program representations (APRs, each an APR 516) with respect to the source code component 502 of the application 504;” and  “In a preferred approach, an ARSA [Archive for Security Analysis] file for an APR is created by serializing the APR into a compact binary file format container that preferably contains only the data necessary for static application security analysis;” and ¶ [0103], “This enables the ARSA file to be sent for security scanning whenever needed;” and thus the “generator tool 514” acts as a scan initiation component), implemented on the at least one processor (Fig. 2, ¶ [0026], “With reference now to FIG. 2, a block diagram of an exemplary data processing system is shown in which aspects of the illustrative embodiments may be implemented.”), 
that uploads the zip file including the selected source code (¶¶ [0078]-[0079]) to a target directory (¶¶ [0098]-[0099], “FIG. 7 illustrates an example set of build artifacts located in [target] directory “C:\myApp” and created by the build system for a particular source code component.”) via a network (Fig. 5, i.e., the network as generally illustrated  on condition a user (¶¶ [0078]-[0079], “development team 500”) initiates security scanning of the selected source code within the zip file…4 (¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that, as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities,” i.e., for the source code to be scanned, it must necessarily be initiate[d], with such initiation occurring by a user within the “development team 500”), 
the selected source code including a user identifier (ID) appended to the selected source code (Fig. 7, ¶¶ [0096]-[0099], “The following provides a more concrete example. In this embodiment, the APR is generated from the source code component by analyzing build artifacts (e.g., such as a Maven pom.xml file, an Ant build.xml file, or the like) to extract preferably the following information: the paths to the build outputs (e.g. *.jar, *.war, etc.), the path(s) to the source code directories,…,” i.e., the Project Object Model (“pom”) file provides the user identifier (e.g., the name within the tag <groupid>), and the pom.xml file via the use of tags serves to append the user identification to the source code as artifacts that are subject to the scanning);
5 …and submits the selected source code to a security scan component (Fig. 5, ¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that [serves as a security scan component], as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities.”) associated with a remote computing device via a network (Fig. 5, ¶ [0079], “The static analysis tool 506 operates either on-premises, or in a cloud-based platform 508” that is a remote computing device that receives the source code (or source code as artifacts) via the illustrated network); 
6 ; and 
7 ….
Sharma doesn’t disclose
	1 …outputting a single-command menu option…;
	2 … stored in a zip file;
	3 a code scanning manager, implemented on the at least one processor, that appends a user identifier (ID) appended to the selected source code stored in the zip file;
	4 …by selecting the single-command menu option;
	5 a listener component, implemented on the at least one processor, periodically checks the target directory for unscanned code…
	6 an extraction component, implemented on the at least one processor, extracts the user ID from the selected source code in the zip file;
	7 a results component, implemented on the at least one processor, transmits a summary scan results report to the user associated with the user ID extracted from the selected source code.
Hortala, however, discloses
	2 … stored in a zip file (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code and the proof, which may be annotated source code 112.”);
3 a code scanning manager (“The worker for the automated test execution service 135 [as a code … manager] may determine a version of the source code 112, and may make a call 140 to a verification service 142 to begin verification on the source code 140,” and the “verification service” of Hortala implements the scanning of Sharma to implement a code scanning manager), implemented on the at least one processor (Sharma Fig. 2, ¶ [0026]), that appends a user identifier (ID) (“The call 140 may specify the version of the source code 112 and/or an account identifier (ID) associated with the source code 112 and/or developer [user] 105,”) …a stored in the zip file (“The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code and the proof, which may be annotated source code 112,”);
5 a listener component (¶ [0030], “Once the source code 112 is copied into the storage service 128 (or second data store), the CI [continuous integration] pipeline 115 may execute 130 a worker [as a listener component]] for an automated test execution service (e.g., a test-on-demand (ToD) service) 135 to oversee the verification of the source code 112;” and ¶ [0038], “ The client 205 may be, for example a worker for an automated test execution service run by a CI pipeline, may be another automated function or entity, or may be a user such as a developer who manually makes the API call to trigger a new proof attempt,” i.e., the listener component implies automation which is taught or suggested by the “worker” which is associated with automation), implemented on the at least one processor (Sharma Fig. 2, ¶ [0026]), periodically checks the target directory (Sharma ¶¶ [0098]-[0099]) for unscanned code… (¶ [0038], “The worker for the automated test execution service 135 may periodically check (e.g., target directory as disclosed by Sharma] to access logs, runtime metrics and/or outputs of verification tasks that have been stored in the storage service 128.”)
6 an extraction component (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code,” i.e., the zip file is compressed and extract[ion] occurs [by an extraction component comprising the software that performs the extraction] in associating with unpacking the zip file), implemented on the at least one processor (Sharma Fig. 2, ¶ [0026]), extracts the user ID from the selected source code in the zip file (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code,” i.e., the zip file is compressed and extract[ion] of the header as disclosed by Devane ¶ [0018] results in the extraction of the user ID);
7 a results component (Fig. 2, ¶ [0033], “If verification fails, the worker [as a results component] for the automated test execution service 135 may generate a notification 150,” i.e., the “worker” as disclosed is multifunctional and consists of multiple components with respective functionalities), implemented on the at least one processor (Sharma Fig. 2, ¶ [0026]), transmits a summary scan results report to the user associated with the user ID extracted from selected source code (¶ [0033], “The notification may be a message [as a summary … results report] (e.g., an email message to the user) and/or a ticket or task to review the source code 112 and correct one or 
Devane, however, discloses
	a …appended to the selected source code… (¶ [0018], “Taking the ZIP file format as an example, a ZIP file includes a plurality of n file entries, with each file entry starting at a relative offset and having a [appended] local header that provides metadata [such as a user ID as disclosed by Hortala] about the file, followed by the actual file data.”)
Archer, however, discloses
	1 …outputting a single-command menu option… (¶¶ [0022]-[0023], i.e., the GUI that includes a menu comprises a single-command menu option where a click of a menu executes a single command presented in the menu);
	4 …by selecting the single-command menu option (¶¶ [0022]-[0023], i.e., the mouse-click is used to select[] the single-command within the option[s] of the menu);
	Regarding the combination of Sharma and Hortala, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma to have included the verification service features of Hortala. One of ordinary skill in the art would have been motivated to incorporate the service features of Hortala because Hortala discloses a software verification system “in a cloud computing environment, [where] verification tasks can be split up and divided among many instances of virtual resources (e.g., virtual machines and/or virtual operating systems such as Docker containers), which may all perform 
	Regarding the combination of Sharma-Hortala and Devane, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma-Hortala to have included the zip-file feature of Devane. One of ordinary skill in the art would have been motivated to incorporate the zip-file feature of Devane because Hortala teaches “the verification project 235 may include a unique ID and/or other metadata for the verification project,” see Hortala ¶ [0051], and Devane teaches a means, i.e., a “header,” to achieve the storage of such metadata within a zip file.  See Devane ¶ [0018].
	Regarding the combination of Sharma-Hortala-Devane and Archer, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma-Hortala-Devane to have included the single-command menu option of Archer. One of ordinary skill in the art would have been motivated to incorporate the single-command menu option of Archer because Sharma discloses an “input/output (I/O) unit,” see Sharma ¶ [0027], and Archer teaches a menu option to accommodate “user requests through buttons, tabs, menus, mouse-clicks, and other interactive methods,” see Archer ¶ [0022], to implement the functionality of the I/O unit of Sharma. 
Regarding Claim 2
Sharma in view of Hortala and Devane, and further in view of Archer (“Sharma-Hortala-Devane-Archer”) discloses the system of claim 1, and Sharma further discloses
further comprising: an encryption component (¶ [0081], “Preferably, this obfuscation is accomplished with encryption and/or direct manipulation and translation of sensitive data into generic data that would be unhelpful to malicious users,” with the encryption achieved through an encryption component), implemented on the at least one processor (¶ [0026]), encrypts the summary scan results report (Hortala ¶ [0033]) prior to the results component transmitting the encrypted summary scan results report to the user (¶ [0076], “For example, the static analysis module 408 can generate a security report [or result] 410 that indicates such paths as witnesses to security vulnerabilities. The security report 410 can be made to be available to a user in any suitable manner,” with the “suitable manner” involving encryption to conceal the report from “malicious users;” see also Hortala ¶ [0033], “The notification [sent to the user] may be a message (e.g., an email message)…,” i.e., e-mails are typically encrypted using SSL/TLS).
Regarding the combination of Sharma and Hortala, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 2.
Regarding Claim 3
Sharma-Hortala-Devane-Archer discloses the system of claim 1, and Sharma further discloses 
1 …, 
wherein the user…2 (¶¶ [0078]-[0079]).
Archer further discloses
1 wherein the single-command menu option further comprises a single click menu option associated with a graphical user interface (¶¶ [0022]-[0023], i.e., the graphical user interface that includes a menu comprises a single-command menu option where a click of a menu option represents a single click menu option),
	2 … performs a right mouse button click on a scan menu option associated with a graphical icon representing the selected source code (Sharma ¶¶ [0078]-[0079]) to initiate the security scanning of the selected source code (¶¶ [0022]-[0023], i.e., the use of a right mouse button click to initiate a desired, such as scanning, is obvious within the art).
	Regarding the combination of Sharma and Archer, the rationale to combine is the same as provided from claim 1 due to the overlapping subject matter between claims 1 and 3.
Regarding Claim 4
Sharma-Hortala-Devane-Archer discloses the system of claim 1, and Sharma further discloses 
wherein …1 comprising a JAVA client (¶ [0036], “Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java™,...,” with the use of JAVA creating a JAVA client) accepting the user ID and the target directory containing the selected source code (Fig. 7, ¶¶ [0096]-[0099]).
Archer further discloses
1 …the single-command menu option (¶¶ [0022]-[0023]) further comprises a command-line utility… (Fig. 2, ¶ [0022], “The GUI 105 can have multiple windows for communication [that incorporates a command-line utility] to and from the user.”)
Regarding the combination of Sharma and Archer, the rationale to combine is the same as provided from claim 1 due to the overlapping subject matter between claims 1 and 4.
Regarding Claim 5
Sharma-Hortala-Devane-Archer discloses the system of claim 1, and Sharma further discloses 
wherein …1 further comprises a web interface (¶¶ [0038]-[0039], “With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible through a conventional Web browser [acting as a web interface] over HTTP.”) configured to enable upload of … 2 containing the selected source code to…3 (Fig. 5, ¶¶ [0078]-[0079], i.e., members of the “development team 500” use single-command menu option (of Archer) that is contained within a web interface to upload the selected source code to the “static analysis tool 506” that “operates … in a cloud-based platform 508.”) associated with the security scan component (Fig. 5, ¶ [0079]),
wherein the web interface (¶¶ [0038]-[0039]) accepts a web service call (¶¶ [0038]-[0039], “…in which client machines communicate [by executing a web service call] with an Internet-accessible Web-based portal executing on a set of one or more machines.”) to copy the selected source code (Fig. 5, ¶¶ [0078]-[0079]) into the scan queue (Hortala ¶ [0030], i.e., the request of the “development team 500” is completed copy[ing] the source code into the scan queue so that a static analysis/scan can be completed). 
Archer further discloses
	1 …the single-command menu option… (¶¶ [0022]-[0023])
Hortala further discloses
	2 …the zip file … (¶ [0039])
3 …to a scan queue… (¶ [0030], “Once the source code 112 is copied into the storage service 128 (or second data store), the CI [continuous integration] pipeline 115 may execute 130 a worker for an automated test execution service (e.g., a test-on-demand (ToD) service) 135 to oversee the verification of the source code 112,” i.e., various projects are stored within the “pipeline” to form a queue) 
Regarding the combination of Sharma and Hortala, the rationale to combine is the same as provided from claim 1 due to the overlapping subject matter between claims 1 and 5.
Regarding the combination of Sharma-Hortala-Devane and Archer, the rationale to combine is the same as provided from claim 1 due to the overlapping subject matter between claims 1 and 5.
Regarding Claim 6
Sharma-Hortala-Devane-Archer discloses the system of claim 1, and Sharma further discloses 
wherein the extraction component (Fig. 7, ¶ [0099], i.e., the information within the XML tags are extracted by an extraction component) further identifies the user associated with the source code based on the user ID (Fig. 7, ¶¶ [0079], i.e., the used ID serves to identif[y] the user associated with the source code to report the scan results to the “development team 500”).  
Regarding Claim 7
Sharma-Hortala-Devane-Archer discloses the system of claim 1, and Hortala further discloses 
further comprising: an email address associated with the user ID (¶ [0033], “The notification may be a message (e.g., an email message) and/or a ticket or task to review the source code 112 and correct one or more errors in the source code that caused the proof attempt to fail,” i.e., a user of the “development team 500” possessing an email address associated with the user ID that relates to the <groupid> tag (Sharma Fig. 7)), 
wherein the summary scan results report () is transmitted to the email address for review by the user (¶ [0033], “”The notification may be a message (e.g., an email message)…” for review by the user of the “development team 500” of Sharma).
Regarding the combination of Sharma and Hortala, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma to have included the e-mail feature of Hortala. One of ordinary skill in the art would have been motivated to incorporate the e-mail feature of Hortala because Sharma teaches “[t]he security report 410 can be made to be available to a user in any suitable manner,” see Sharma ¶ [0076], and teaches Hortala teaches the well-known use of an e-mail, see Hortala ¶ [0033], that comprises a “suitable manner.”

Regarding Claim 8
Sharma-Hortala-Devane-Archer discloses the system of claim 1, and Sharma further discloses 
wherein the selected source code is…1 (Fig. 5, ¶¶ [0078]-[0079]) containing a set of files or at least one folder (¶¶ [0108]-[0110], “The above-described steps are applied to each ARSA file to be combined. It ensures that the same analysis result will occur (for the whole-application analysis) regardless of the loading order of the ARSA files,” i.e., the ARSA files can be uploaded via the zip file as disclosed by Sawhney).  
Hortala further discloses
1 …the zip file… (¶ [0039])
Regarding the combination of Sharma and Sawhney, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 8.
Regarding Independent Claim 9
Sharma discloses
A computer-implemented method for code security scanning (Fig. 5, ¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that, as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities), the computer-implemented method comprising: 
1 …;
uploading, by a scan initiation component (¶¶ [0080]-[0082], i.e., the  “The generator tool [514 that acts as a scan initiation component], as will be described below, is the mechanism that automatically generates abstract program representations (APRs, each an APR 516) with respect to the source code component 502 of the application 504;” and  “In a preferred approach, an ARSA [Archive for Security Analysis] file for an APR is created by serializing the APR into a compact binary file format container that preferably contains only the data necessary for static application security analysis;” and ¶ [0103], “This enables the ARSA file to be sent [and thereby upload[ed]] for security scanning whenever needed;” and thus the “generator tool 514” acts as a scan initiation component), the zip file (Hortala ¶ [0039]) including the selected source code (¶¶ [0078]-[0079], i.e., the “development team 500” select[s] the source code to be scanned within an “abstract program representation (APR)”) to a target directory (¶¶ [0098]-[0099], “FIG. 7 illustrates an example set of build artifacts located in [target] directory “C:\myApp” and created by the build system for a particular source code component.”) on condition a user (¶¶ [0078]-[0079], “development team 500”) initiates security scanning of the selected source code within the zip file …2 (¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that, as is well-known and as described above (e.g., FIG. 4), is used to scan source code [within the zip file as disclosed by Hortala ¶ [0039]] to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities,” i.e., for the source code to be scanned, it must necessarily be initiate[d], with such initiation occurring by a user within the “development team 500”); 
transferring, …3 , the selected source code from the target directory to a security scan component (Fig. 5, ¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that [serves as a security scan component], as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities;” and Fig. 5, ¶ [0079], “The static analysis tool 506 operates either on-premises, or in a cloud-based platform 508” that receives the source code (or source code as artifacts) when it is transferr[ed] via the illustrated network) …4; 
5 …; and 
6 -28-Docket No. 5422US02….  
Sharma doesn’t disclose
	1 appending, by a code scanning manager, a user identifier (ID) to selected source code stored in a zip file;
	2 … by selecting a single-command menu option,...
	3 …,by a listener component,…
	4 … in response to detecting a presence of the selected source code in the target directory,
	5 extracting, by an extraction component, the user ID from the selected source code within the zip file;
	6 transmitting, by a results component, a summary scan results report to the user associated with the selected source code via an email account associated with the user on condition the security scanning of the selected source code is complete.
Hortala, however, discloses
	1 …a , by a code scanning manager (“The worker for the automated test execution service 135 [as a code … manager] may determine a version of the source code 112, and may make a call 140 to a verification service 142 to begin verification on the source code 140,” and the “verification service” of Hortala implements the scanning of Sharma to implement a code scanning manager), a user identifier (ID) to selected source code (¶ [0030], “The call 140 may specify the version of the source code 112 and/or an account identifier (ID) associated with the source code 112 and/or developer [user] 105,”) stored in a zip file (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code and the proof, which may be annotated source code 112,”);
	3 …,by a listener component,… (¶ [0030], “Once the source code 112 is copied into the storage service 128 (or second data store), the CI [continuous integration] pipeline 115 may execute 130 a worker [as a listener component]] for an automated test execution service (e.g., a test-on-demand (ToD) service) 135 to oversee the verification of the source code 112;” and ¶ [0038], “ The client 205 may be, for example a worker for an automated test execution service run by a CI pipeline, may be another automated function or entity, or may be a user such as a developer who manually makes the API call to trigger a new proof attempt,” i.e., the listener component implies automation which is taught or suggested by the “worker” which is associated with automation)
	4 … in response to detecting a presence of the selected source code (¶ [0038], “The worker for the automated test execution service 135 may periodically check (e.g., poll) 148 a verification status of the verification of the source code by the verification detect[] a presence of the selected source code]. This may include sending a query to the verification service 142 and/or sending a query to the storage service 128 [that can include the target directory as disclosed by Sharma] to access logs, runtime metrics and/or outputs of verification tasks that have been stored in the storage service 128.”) in the target directory (Sharma ¶¶ [0098]-[0099]),
	5 extracting, by an extraction component (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code,” i.e., the zip file is compressed and extract[ion] occurs [by an extraction component comprising the software that performs the extraction] in associating with unpacking the zip file), the user ID from the selected source code within the zip file (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code,” i.e., the zip file is compressed and extract[ion] of the header as disclosed by Devane ¶ [0018] results in the extraction of the user ID);
	6 transmitting, by a results component (Fig. 2, ¶ [0033], “If verification fails, the worker [as a results component] for the automated test execution service 135 may generate a notification 150,” i.e., the “worker” as disclosed is multifunctional and consists of multiple components with respective functionalities), a summary scan results report to the user associated with the selected source code via an email account associated with the user (¶ [0033], “The notification may be a message [as a summary … results report] (e.g., an email message to the user) and/or a ticket or task to review the source code 112 and correct one or more errors in the source code that caused the proof attempt to fail,” i.e., the “verification service” of Hortala implements the scanning of  on condition the security scanning of the selected source code is complete (¶ [0033], i.e., it would be obvious to one skilled in the art that results imply the scanning … is complete).
Devane, however, discloses
	a appending…[a user identifier (ID) to selected source code] (¶ [0018], “Taking the ZIP file format as an example, a ZIP file includes a plurality of n file entries, with each file entry starting at a relative offset and having a [appended] local header that provides metadata [such as a user ID as disclosed by Hortala] about the file, followed by the actual file data.”)
Archer, however, discloses
	2 … by selecting a single-command menu option,… (¶¶ [0022]-[0023], the GUI that includes a menu comprises a single-command menu option where a click of a menu executes a single command presented in the menu, and the mouse-click is used to select[] the single-command within the option[s] of the menu),
	Regarding the combination of Sharma and Hortala, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma to have included the verification service features of Hortala. One of ordinary skill in the art would have been motivated to incorporate the service features of Hortala because Hortala discloses a software verification system “in a cloud computing environment, [where] verification tasks can be split up and divided among many instances of virtual resources (e.g., virtual machines and/or virtual operating systems such as Docker containers), which may all perform 
	Regarding the combination of Sharma-Hortala and Devane, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma-Hortala to have included the zip-file feature of Devane. One of ordinary skill in the art would have been motivated to incorporate the zip-file feature of Devane because Hortala teaches “the verification project 235 may include a unique ID and/or other metadata for the verification project,” see Hortala ¶ [0051], and Devane teaches a means, i.e., a “header,” to achieve the storage of such metadata within a zip file.  See Devane ¶ [0018].
	Regarding the combination of Sharma-Hortala-Devane and Archer, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma-Hortala-Devane to have included the single-command menu option of Archer. One of ordinary skill in the art would have been motivated to incorporate the single-command menu option of Archer because Sharma discloses an “input/output (I/O) unit,” see Sharma ¶ [0027], and Archer teaches a menu option to accommodate “user requests through buttons, tabs, menus, mouse-clicks, and other interactive methods,” see Archer ¶ [0022], to implement the functionality of the I/O unit of Sharma. 
Regarding Claim 13
Sharma-Hortala-Devane-Archer discloses the computer-implemented method of claim 9, and Sharma further discloses
further comprising: …1.
a initiating a security scan (¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that, as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities,” i.e., for the source code to be scanned, it must necessarily be initiate[d], with such initiation occurring by a user within the “development team 500”) on the selected source code… (¶¶ [0078]-[0079])
Archer further discloses
	1 presenting a right mouse button menu option for …a via a single activation of a mouse button (¶¶ [0022]-[0023], “The GUI 105 can allow user requests through buttons, tabs, menus, mouse-clicks, and other user interactive methods,” noting Archer doesn’t explicitly disclose “a right mouse button menu option” and “a single activation of a mouse button,” but these limitations are routinely used in computing and would be obvious to one skilled in the art.  See See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”). 
	Regarding the combination of Sharma-Hortala and Archer, the rationale to combine is the same as provided for claim 9 due to the overlapping subject matter between claims 9 and 13.

Regarding Independent Claim 17
Sharma discloses
A non-transitory computer program product (¶ [125], “The computer program product may be a product having program instructions (or program code) to implement one or more of the described functions”) comprising computer readable program code embodied therein (¶ [0125]) that when executed (¶ [0126], “In a representative embodiment, the techniques are implemented in a special purpose computing platform, preferably in software executed by one or more processors.”) by a processor (Fig. 2, ¶ [0026]), causes the processor to
1 …;
2…; 
a … initiating a security scan (¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that, as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities,” i.e., for the source code to be scanned, it must necessarily be initiate[d], with such initiation occurring by a user within the “development team 500”) on the zip file (Hortala ¶ [0039]) file including the selected source code… (¶¶ [0078]-[0079], i.e., the “development team 500” select[s] the source code to be scanned within an “abstract program representation (APR)”)
upload, by a scan initiation component (¶¶ [0080]-[0082], i.e., the  “The generator tool [514 that acts as a scan initiation component], as will be described below, is the mechanism that automatically generates abstract program representations (APRs, each upload[ed]] for security scanning whenever needed;” and thus the “generator tool 514” acts as a scan initiation component)), the zip file (Hortala ¶ [0039]) including the selected source code to a target directory on condition a user initiates security scanning of the zip file (Hortala ¶ [0039]) including the selected source code…3 (¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that, as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities,” i.e., for the source code to be scanned, it must necessarily be initiate[d], with such initiation occurring by a user within the “development team 500”), 
the selected source code including a user identifier (ID) appended to the selected source code (Fig. 7, ¶¶ [0096]-[0099], “The following provides a more concrete example. In this embodiment, the APR is generated from the source code component by analyzing build artifacts (e.g., such as a Maven pom.xml file, an Ant build.xml file, or the like) to extract preferably the following information: the paths to the build outputs (e.g. *.jar, *.war, etc.), the path(s) to the source code directories,…,” i.e., the Project Object Model (“pom”) file provides the user identifier (e.g., the name within the tag append the user identification to the source code as artifacts that are subject to the scanning); 
transfer, … 4, the selected source code from the target directory to a security scan component (Fig. 5, ¶ [0079], “As depicted, the environment includes a Static Analysis Security Testing (SAST) tool or agent 506 that [serves as a security scan component], as is well-known and as described above (e.g., FIG. 4), is used to scan source code to identify potential security vulnerabilities, and that provides developers with assistance to triage and fix those identified vulnerabilities;” and Fig. 5, ¶ [0079], “The static analysis tool 506 operates either on-premises, or in a cloud-based platform 508” that receives the source code (or source code as artifacts) when it is transferr[ed] via the illustrated network) …5; 
6 …; and 
…7.
Sharma doesn’t disclose
	1 append, by a code scanning manager, a user identifier (ID) to selected source code stored in a zip file;
	2 output a right mouse button menu option for …a via a single activation of a mouse button;
	3 by clicking on a menu option associated with a mouse button,
4 …, by a listener component, ...
	5 … in response to detecting a presence of the selected source code in the target directory;
	6 extract, by an extraction component, the user ID from the selected source code in the zip file;
	7 transmit, by a results component, a summary scan results report to an email account of the user associated with the user ID extracted from the selected source code on condition the security scanning of the selected source code is complete, wherein the email account is associated with the user ID extracted from the selected source code.
Hortala, however, discloses
1 …b, by a code scanning manager (“The worker for the automated test execution service 135 [as a code … manager] may determine a version of the source code 112, and may make a call 140 to a verification service 142 to begin verification on the source code 140,” and the “verification service” of Hortala implements the scanning of Sharma to implement a code scanning manager), a user identifier (ID) to selected source code (¶ [0030], “The call 140 may specify the version of the source code 112 and/or an account identifier (ID) associated with the source code 112 and/or developer [user] 105,”) stored in a zip file (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code and the proof, which may be annotated source code 112,”);
4 …, by a listener component, ... (¶ [0030], “Once the source code 112 is copied into the storage service 128 (or second data store), the CI [continuous integration] pipeline 115 may execute 130 a worker [as a listener component]] for an automated test execution service (e.g., a test-on-demand (ToD) service) 135 to oversee the verification of the source code 112;” and ¶ [0038], “ The client 205 may be, for example a worker for an automated test execution service run by a CI pipeline, may be another automated listener component implies automation which is taught or suggested by the “worker” which is associated with automation)
	5 … in response to detecting a presence of the selected source code (¶ [0038], “The worker for the automated test execution service 135 may periodically check (e.g., poll) 148 a verification status of the verification of the source code by the verification service 142 [and thereby detect[] a presence of the selected source code]. This may include sending a query to the verification service 142 and/or sending a query to the storage service 128 [that can include the target directory as disclosed by Sharma] to access logs, runtime metrics and/or outputs of verification tasks that have been stored in the storage service 128.”) in the target directory (Sharma ¶¶ [0098]-[0099]);
	6 extract, by an extraction component (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code,” i.e., the zip file is compressed and extract[ion] occurs [by an extraction component comprising the software that performs the extraction] in associating with unpacking the zip file), the user ID from the selected source code in the zip file (¶ [0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code,” i.e., the zip file is compressed and extract[ion] of the header as disclosed by Devane ¶ [0018] results in the extraction of the user ID);
	7 transmit, by a results component (Fig. 2, ¶ [0033], “If verification fails, the worker [as a results component] for the automated test execution service 135 may generate a notification 150,” i.e., the “worker” as disclosed is multifunctional and , a summary scan results report to an email account of the user associated with the user ID (¶ [0033], “The notification may be a message [as a summary … results report] (e.g., an email message to the user) and/or a ticket or task to review the source code 112 and correct one or more errors in the source code that caused the proof attempt to fail,” i.e., the “verification service” of Hortala implements the scanning of Sharma, and the results of the verification/scanning occur in the notification/summary results report.) extracted from the selected source code () on condition the security scanning of the selected source code is complete (¶ [0033], i.e., it would be obvious to one skilled in the art that results imply the scanning … is complete), wherein the email account is associated with the user ID ([0030], “The call 140 may specify the version of the source code 112 and/or an account identifier (ID) associated with the source code 112 and/or developer [user] 105,”) extracted from the selected source code ([0039], “The source code and proof may be combined together in a single file (e.g., a compressed file such as a zip file) with the source code,” i.e., the zip file is compressed and extract[ion] occurs [by an extraction component comprising the software that performs the extraction] in associating with unpacking the zip file).
Devane, however, discloses
	b append,… (¶ [0018], “Taking the ZIP file format as an example, a ZIP file includes a plurality of n file entries, with each file entry starting at a relative offset and having a [appended] local header that provides metadata [such as a user ID as disclosed by Hortala] about the file, followed by the actual file data.”)
Archer, however, discloses
2 output a right mouse button menu option for …a via a single activation of a mouse button (¶¶ [0022]-[0023], “The GUI 105 can allow user requests through buttons, tabs, menus, mouse-clicks, and other user interactive methods,” noting Archer doesn’t explicitly disclose “a right mouse button menu option” and “a single activation of a mouse button,” but these limitations are routinely used in computing and would be obvious to one skilled in the art.  See See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”);
	3 … by clicking on a menu option associated with a mouse button (¶¶ [0022]-[0023], “The GUI 105 can allow user requests through buttons, tabs, menus, mouse-clicks, and other user interactive methods.”),
Regarding the combination of Sharma and Hortala, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma to have included the verification service features of Hortala. One of ordinary skill in the art would have been motivated to incorporate the service features of Hortala because Hortala discloses a software verification system “in a cloud computing environment, [where] verification tasks can be split up and divided among many instances of virtual resources (e.g., virtual machines and/or virtual operating systems such as Docker containers), which may all perform 
	Regarding the combination of Sharma-Hortala and Devane, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma-Hortala to have included the zip-file feature of Devane. One of ordinary skill in the art would have been motivated to incorporate the zip-file feature of Devane because Hortala teaches “the verification project 235 may include a unique ID and/or other metadata for the verification project,” see Hortala ¶ [0051], and Devane teaches a means, i.e., a “header,” to achieve the storage of such metadata within a zip file.  See Devane ¶ [0018].
	Regarding the combination of Sharma-Hortala-Devane and Archer, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma-Hortala-Devane to have included the single-command menu option of Archer. One of ordinary skill in the art would have been motivated to incorporate the single-command menu option of Archer because Sharma discloses an “input/output (I/O) unit,” see Sharma ¶ [0027], and Archer teaches a menu option to accommodate “user requests through buttons, tabs, menus, mouse-clicks, and other interactive methods,” see Archer ¶ [0022], to implement the functionality of the I/O unit of Sharma. 
Regarding Dependent Claims 10 and 18
With respect to dependent claims 10 and 18, a corresponding reasoning as given earlier for dependent claim 2 applies, mutatis mutandis, to the subject matter of claims 
Regarding Dependent Claim 11
With respect to dependent claim 11, a corresponding reasoning as given earlier for dependent claim 3 applies, mutatis mutandis, to the subject matter of claim 11. Therefore, claim 11 is rejected, for similar reasons, under the grounds set forth for claim 3. 
Regarding Dependent Claim 12
With respect to dependent claim 12, a corresponding reasoning as given earlier for dependent claim 6 applies, mutatis mutandis, to the subject matter of claim 12. Therefore, claim 12 is rejected, for similar reasons, under the grounds set forth for claim 6.
Regarding Dependent Claim 14
With respect to dependent claim 14, a corresponding reasoning as given earlier for dependent claim 4 applies, mutatis mutandis, to the subject matter of claim 14. Therefore, claim 14 is rejected, for similar reasons, under the grounds set forth for claim 4.
Regarding Dependent Claim 15
With respect to dependent claim 15, a corresponding reasoning as given earlier for dependent claim 5 applies, mutatis mutandis, to the subject matter of claim 15. Therefore, claim 15 is rejected, for similar reasons, under the grounds set forth for claim 5.

Regarding Dependent Claims 16 and 20
With respect to dependent claims 16 and 20, a corresponding reasoning as given earlier for dependent claim 7 applies, mutatis mutandis, to the subject matter of claims 16 and 20. Therefore, claims 16 and 20 are rejected, for similar reasons, under the grounds set forth for claim 7.
Regarding Dependent Claim 19
With respect to dependent claim 19, a corresponding reasoning as given earlier for dependent claim 8 applies, mutatis mutandis, to the subject matter of claim 19. Therefore, claim 19 is rejected, for similar reasons, under the grounds set forth for claim 8.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491