DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination (RCE) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on February 18, 2022 has been entered.
Response to Amendments
	This office action is responsive to application 16/839,541 and the RCE filed on February 18, 2022.  Claims 1, 6, 9, and 16-17 were amended, and claims 1-20 remain pending in the application.
Response to Arguments
	The Examiner has fully considered the Applicant’s arguments filed with the RCE, and the Examiner responds as provided below.
	Regarding the Applicant’s response at pages 8-10 of the Remarks that concerns the § 103 rejection of claim 1, and by inference independent claims 9 and 17, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the independent claims because the arguments do not apply to one of the references currently used in the rejection of the aforementioned claims as detailed below.
Regarding the Applicant’s response at pages 10-11 of the Remarks that concerns the § 103 rejection of dependent claim 6, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to claim 6 because the arguments do not apply to one of the references currently used in the rejection of the aforementioned claims as detailed below.
Regarding the Applicant’s response at page 11 of the Remarks that concerns the § 103 rejection of dependent claim 16, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to claim 6 because the arguments do not apply to one of the references currently used in the rejection of the aforementioned claims as detailed below.
Regarding the Applicant’s response at page 10 that concerns the allowability of the dependent claims, the argument is based upon the allowability of the independent claims.  Because the independent claims are not allowable over the prior art of record as detailed below, the dependent claims are similarly not allowable.
Claim Objections
Claim 1 is objected to because of the following informalities:  the second occurrence of “a network” should read “the network,” i.e., “a remote computing device via the network.”  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation previously addressed in the primary reference analysis, but presented to provide context to a further limitation addressed in a secondary reference analysis.
Numbered footnote – a first phrase to be moved upwards to the primary reference analysis.
Lettered footnote – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.
A.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gondi (US 10,459,822, “Gondi”) in view of Sharma et al. (US 2016/0180096, “Sharma”) and Hortala et al. (US 2020/0073783, “Hortala”), and further in view of Archer et al. (US 2014/0208431.
Regarding Claim 1
Gondi discloses
A system for code security scanning (abstract, Figs. 1 & 2A-B), the system comprising: 
a memory (Fig. 3, Col. 18:27-59, “In addition to, in combination with, and/or in lieu of the user interface module 382, the memory 380 may include a static analysis program 386 that may be executed by the processing unit 390.”); 
at least one processor communicatively coupled to the memory (Fig. 3, Col. 18:27-59, “In addition to, in combination with, and/or in lieu of the user interface module 382, the memory 380 may include a static analysis program 386 that may be executed by [and thereby coupled to] the processing unit 390.”); 
a code scanning manager (Col. 7:3-29, “The network-accessible services system 210 may provide the user computing devices 102 with one or more user interfaces, command-line interfaces (‘CLI’), application programing interfaces (‘API’), and/or other programmatic interfaces for generating … source [code (noting a typographic error)]…,” and Col. 2:39-56, “Referring to FIG. 1, embodiments of the present disclosure may operate within or upon a computing environment 100 in which users (e.g., developers, website visitors, etc.) of user computing devices 102A and 102B may submit source code (e.g., source code 110 and 112) for analysis to one or more servers (e.g., servers 120A and 120B) that may execute one or more static analysis programs (e.g., static analysis programs 170A and 170B).” i.e., the “interface” serves as a code scanning manager to ultimately enable the submission of source code), implemented on the at least one processor (Fig. 3, Col. 18:27-59), that: 
appends a user identifier (ID) to selected source code in a file (Col. 11:37-52, “A request [prepared at least in part by via the code scanning manager] to execute one or more functions sent by the user computing device 102 may specify one or more third-party libraries (including native libraries) to be used in the static analysis of the [selected] source code. In one embodiment, the request includes a package file (for example, a compressed file, a ZIP file, a RAR file, etc.) containing the source code [with the source code being in a file, e.g., NameOfCode.pl for Perl, NameOfCode.cc for C++, etc.] and any libraries (and/or identifications of storage locations thereof). In some embodiments, the request includes [append[ed]] metadata that indicates, the language in which the source code is written, the user computing device 102 [that serves as a user identifier (ID)] associated with the request,” i.e., a user ID can be inferred from the “user computing device” based upon an user being authenticated by a device, thus establishing a relationship from the “computing device” to the identity of the user,” and Col. 2:39-56, “Referring to FIG. 1, embodiments of the present disclosure may operate within or upon a computing environment 100 in which users (e.g., developers, website visitors, etc.) of user computing devices 102A and 102B may submit source code (e.g., source code 110 and 112) [that the user select[s]] for analysis to one or more servers (e.g., servers 120A and 120B) that may execute one or more static analysis programs (e.g., static analysis programs 170A and 170B).”), and 
in response to appending the user ID to the selected source code (Cols. 11:37-52, 2:39-56), 
generates a zip file including the file including the selected source code with the appended user ID (Col. 11:37-52, “In one embodiment, the request includes a package file [that was generate[d]] (for example, a compressed file, a ZIP file, a RAR file, etc.) containing [or including] the [selected] source code and … the user computing device 102 associated with the request…”); 
a user interface device …1 associated with the selected source code stored in the zip file (Col. 7:3-29, “The network-accessible services system 210 may provide the user computing devices 102 with one or more user interfaces [i.e., collectively a user interface device], command-line interfaces (‘CLI’), application programing interfaces (‘API’), and/or other programmatic interfaces for generating and/or uploading source [i.e., selected source code via the zip file], analyzing the [uploaded] source code (e.g., submitting a request to perform a static analysis on the network-accessible services system 210),…”); 
a scan initiation component, implemented on the at least one processor (Fig. 3, Col. 18:27-59), that uploads the zip file including the file including the selected source code with the appended user ID (Col. 11:37-52) to …2 via a network (Fig. 2, Col. 16:40-59, “In some embodiments, the computing resource service provider may provide, or otherwise be compatible with, an environment API [application programming interface] 292 [as a scan initiation component] through which a user computing device 102 can connect to the scanning service system 294,” and Fig. 2, Col.  17:19-38, “That is, in some embodiments a user may provide some or all of the source code [within the zip file previously generated] to the scanning service system 294, such as by uploading (e.g., via the API 292 [or scan iniation component and via the “network 204”]) the source code to a data store [that possesses the target directory as disclosed by Sharma ¶ [0100]]  or data storage service (e.g., electronic data store 298) accessible by the scanning service system 294,”) 
on condition a user initiates security scanning of the selected source code with the appended user ID within the zip file (Col. 11:37-52) by selecting the single-command menu option (Col. 2:39-56, “Referring to FIG. 1, embodiments of the present disclosure may operate within or upon a computing environment 100 in which users (e.g., developers, website visitors, etc.) of user computing devices 102A and 102B may [initiate and] submit [via selecting the single-command menu option of Archer ¶¶ [0022]-[0023], which thereby meets the condition] source code (e.g., source code 110 and 112) for analysis to one or more servers (e.g., servers 120A and 120B) that may execute one or more static analysis programs (e.g., static analysis programs 170A and 170B),” and Col. 16:60-17:18, “Within the computing environment 290, the [security] scanning service system 294 may perform static analysis of source code”); 
a listener component (Fig. 2A, Col. 9:32-10:42, “In some embodiments, the frontend 220 [as a listener component] may receive requests and/or any other suitable information directed to a static analysis service 270, such as requests to initiate a static analysis on a particular corpus of source code. In some embodiments, requests and/or events may be processed by an event/request processing module 260. For example, the event/request processing module 260 [as a subcomponent of the front end 220/listener component] may process an event message for a request to execute a static analysis, as described herein.”), implemented on the at least one processor (Fig. 3, Col. 18:27-59), 
periodically checks the {target directory (Sharma ¶ [0100])} for unscanned code (Fig. 2A, Col. 3:18-55, “the IDE generates event messages, such as requests to the system, to perform static analysis [as a scan] of affected portions.  For example, a development project for a software application includes a function, written by the programmer, which is called in multiple different locations of the application's source code. When the function is first created [and thereby comprises unscanned code], catalogued, registered, etc., by the programmer, the IDE notifies the system that the function [as unscanned code] is ready for static analysis,” and Col. 9:32-10:42, “For example, the event/request processing module 260 [as the listener component] may periodically access [and thereby check] a message queue [located within the target directory as disclosed by Sharma ¶ [0100]] to determine and/or detect whether an event message [as a request to perform a static analysis upon unscanned code] has been placed in the message queue for processing by the network-accessible services system 210. In response to determining and/or detecting an event message in the message queue, the event/request processing module 260 may retrieve the message event from the message queue and initiate further processing of the event message”) and 
submits the selected source code to a security scan component associated with a remote computing device via a network (Fig. 2A, 9:32-10:42, “For example, the static analysis service system 270 [as a security scan component] may receive the request and/or the [selected] source code [and was thereby submit[ted]], and may determine functions to be executed to perform the static analysis.,” and Fig. 2B, Col. 16:40-17:18, “Referring to FIG. 2B, embodiments of the present disclosure may operate within or upon a computing environment 290 in which users may use user computing devices 102 to request that a computing resource service provider 296 execute one or more programs and/or request analysis of source code by a [remote] scanning service system 294 [that serves as a security scan component],” i.e., as illustrated by Fig. 2B, “scanning service system 294” is a remote computing device with respect to “computing devices 102” that are associated … via a network; and “Such user input may be used to submit [selected] source code and/or any other suitable information to the computing resource service provider 296 and/or to the scanning service system 294.”); 
an extraction component, implemented on the at least one processor (Fig. 3, Col. 18:27-59), extracts the user ID from the selected source code in the zip file (Col. 9:32-10:42, “For example, the frontend 220 may determine whether the user computing device 102 associated with the request is authorized to run the static analysis specified in the request,” i.e., when the “user computing device 102” comprising a user ID is included in a zip file as metadata, see Col. 11:37-52, an extraction component is required to decompress the zip file to allow the extract[ion] of the user ID, which then enables the user ID to be identified and associated with source code to conduct the “authoriz[ation] to run the static analysis,” noting the extraction component is not literally recited but inferred from the disclosure of the zip file, see MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”); and 
3 ….  
Gondi doesn’t disclose
	1 … outputting a single-command menu option …
	2 … a target directory …
	3 a results component, implemented on the at least one processor, transmits a summary scan results report to the user associated with the user ID extracted from the selected source code.
Sharma, however, discloses
	2 … a target directory … (¶ [0100], “The relationship between targets and files 
lends itself well to a file system hierarchy. Thus, in one example, the discovery operation simply identifies a containing directory as a target, and then crawls through the directory to collect files of recognizable extension types. In a more complex run strategy, the discovery operation treats the [target] directory as a “project,” e.g., from an Integrated Development Environment IDE [to scan code], e.g., Eclipse, or Visual Studio.”)
Hortala, however, discloses
	3 a results component (Fig. 2, ¶ [0033], “If verification fails, the worker [as a results component] for the automated test execution service 135 may generate a notification 150 [that forwards a result],” i.e., the “worker” as disclosed is multifunctional and consists of multiple components with respective functionalities), {implemented on the at least one processor (Gondi Fig. 3, Col. 18:27-59)}, transmits a summary scan results report to the user associated with the user ID extracted from the selected source code (¶ [0033], “The notification may be a message [as a summary … results report] (e.g., an email message to the user) and/or a ticket or task to review the source code 112 and correct one or more errors [comprising a result] in the source code that caused the proof attempt to fail,” i.e., the “verification service” of Hortala implements the scanning of Gondi, and the results of the verification/scanning occur in the notification/summary scan results report.).
Archer, however, discloses
1 {a user interface device} outputting a single-command menu option … (¶¶ [0022]-[0023], “The GUI 105 [for outputting on the user interface device] can allow user requests through buttons, tabs, menus, mouse-clicks, and other user interactive methods,” i.e., Gondi generically discloses the use of various “interfaces” on the user device 102, including a “command-line interface,” and Archer provides specific examples that are output[] via the interface and act as a single-command menu option)
Regarding the rationale to combine Gondi and Sharma, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Gondi to have included the target directory feature of Sharma. One of ordinary skill in the art would have been motivated to incorporate the target directory feature of Sharma because Sharma teaches, “The relationship between targets and files lends itself well to a file system hierarchy,” see Sharma ¶ [0100], and this type of “file system hierarchy” is appropriate for the scanning system of Gondi where previously stored results are relied upon, i.e., “In some embodiments, the second static analysis program 170B may generate results 118 of a static analysis of the second source code 112, which may be based at least in part on the second metadata 126 corresponding to portions of the first source code 110.  For example, the behavior of the first snippet may be inferred from the second metadata, and used in the analysis of a second snippet that uses an output of the first snippet as an input.”  See Gondi Col. 6:43-56.
Regarding the rationale to combine Gondi-Sharma and Hortala, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma to have included the results feature of Hortala. One of ordinary skill in the art would have been motivated to incorporate the results feature of Hortala because Hortala discloses a method whereby a “notification” as a “message” to enable a developer “review the source code 112 and correct one or more errors in the source code that caused the proof attempt to fail,” thereby improving the quality of the source code.  See Hortala ¶ [0033].	
Regarding the rationale to combine Gondi-Sharma-Hortala and Archer, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Gondi-Sharma-Hortala to have included the single-command menu option of Archer. One of ordinary skill in the art would have been motivated to incorporate the single-command menu option of Archer because Gondi generically discloses “interfaces” for communication, see Col. 7:3-29, and Archer teaches a menu option to accommodate “user requests through buttons, tabs, menus, mouse-clicks, and other interactive methods,” see Archer ¶ [0022], to implement the functionality of the interfaces of Gondi. 

Regarding Claim 2
Gondi in view of Sharma and Hortala, and further in view of Archer (“Gondi-Sharma-Hortala-Archer”) discloses the system of claim 1, and Gondi further discloses
further comprising: an encryption component, implemented on the at least one processor (Fig. 3, Col. 18:27-59), encrypts the summary scan results report prior to the results component transmitting the encrypted summary-2-PATENT scan results report to the user (Col. 7:30-56, “For example, the protocols used by the network 104 may include Hypertext Transfer Protocol (“HTTP”), HTTPS, Message Queue Telemetry Transport (“MQTT”), Constrained Application Protocol (“CoAP”), and the like. Protocols and components for communicating via the Internet or any of the other aforementioned types of communication networks are well known to those skilled in the art and, thus, are not described in more detail herein,” i.e., Gondi is silent to encrypting the scan results prior to transmitting the results over the network to the user, but Gondi references HTTPS, or “Hypertext Transfer Protocol Secure,” which is a protocol, or encryption component, that provides secure communication over the Internet, or network, by encrypting the communication, or summary scan results, prior to transmitting the results to the user, with the protocol, as Gondi noted, being “well known to those skilled in the art and, thus, are not described in more detail herein.” See MPEP § 2141(III)).
Regarding Claim 3
Gondi-Sharma-Hortala-Archer discloses the system of claim 1, and Archer further discloses 
1 …, 
wherein the user performs a right mouse button click on a scan menu option associated with a graphical icon representing the selected source code to initiate the security scanning of the selected source code (Col. 9:7-31, “For example, the user computing device 102 may submit [via a right mouse button click] a request to perform a static analysis on source code (e.g., source code 110), which may involve performing one or more functions that collectively execute the static analysis,” i.e., Gondi is silent about the specific means to “submit a request to perform a static analysis on source code,” but the use of a right mouse button click employed on a scan menu option to implement the request is routine and well-known and obvious to one skilled in the art, see MPEP § 2141(III)).
Archer further discloses
1 wherein the single-command menu option (¶¶ [0022]-[0023]) further comprises a single click menu option associated with a graphical user interface (¶ [0022], “The GUI 105 can allow user requests through buttons, tabs, menus, mouse-clicks [that utilize an single click menu option that is associated with the GUI], and other user interactive methods.”)
Regarding the rationale to combine Gondi-Sharma-Hortala and Archer, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3.
Regarding Claim 4
Gondi-Sharma-Hortala-Archer discloses the system of claim 1, and Gondi further discloses 
wherein the single-command menu option (Archer ¶¶ [0022]-[0023]) further comprises a command-line utility (Col. 7:3-29, “The network-accessible services system 210 may provide the user computing devices 102 with one or more user interfaces, command-line interfaces (‘CLI’),…”) comprising…1 accepting the user ID (Col. 11:37-52, “In some embodiments, the request includes metadata that indicates, the language in which the source code is written, the user computing device 102 [as the user ID] associated with the request, and/or the computing resources (e.g., memory, etc.) to be reserved for executing the static analysis,” i.e., Gondi is silent as to how the user ID is accepted as “metadata,” but in view of Sharma ¶ [0036] below, it would be obvious to use a Java client as but one means to create the metadata that comprises the user ID) and the target directory containing the selected source code (Col. 11:37-52, “In one embodiment, the request includes a package file (for example, a compressed file, a ZIP file, a RAR file, etc.) containing the source code and any libraries (and/or identifications of storage locations [as a target directory] thereof),” i.e., it would be obvious to use the Java client of Sharma as but one means to create the metadata comprising the target directory as a “storage location” and the source code).
Sharma further discloses 
1 …a JAVA client… (¶ [0036], “Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java™, Smalltalk, C++, C#, Objective-C, or the like, and conventional procedural programming languages. The program code may execute entirely on the user's computer [acting as a client and thereby implementing Java client], partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server.”).
Regarding the rationale to combine Gondi and Sharma, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Gondi to have included the Java feature of Sharma. One of ordinary skill in the art would have been motivated to incorporate the Java feature of Sharma because Gondi generically discloses “interfaces” for communication, see Col. 7:3-29, and Sharma teaches the use of Java and other program languages, see Sharma ¶ [0036], to implement the functionality of the interfaces of Gondi.
Regarding the rationale to combine Gondi-Sharma and Archer, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 4.
Regarding Claim 5
Gondi-Sharma-Hortala-Archer discloses the system of claim 1, and Gondi further discloses 
wherein the single-command menu option (Archer ¶¶ [0022]-[0023]) further comprises a web interface configured to enable upload of the zip file containing the selected source code (Col. 11:6-36, “In some embodiments, the frontend 220 may include a web service [and thereby provide a web interface to enable the web service] and/or may expose a web service HTTPS (or any other suitable protocol) API that may be used to submit requests [that upload the zip file] to execute a static analysis [on the selected source code within the zip file],” and Col. 17:19-38, “That is, in some embodiments a user may provide some or all of the source code to the scanning service system 294, such as by uploading (e.g., via the API 292) the [selected] source code to a data store or data storage service (e.g., electronic data store 298) accessible by the scanning service system 294.”) 
to a scan queue associated with the security scan component (Fig. 2A, Col. 9:32-10:42, “For example, the event/request processing module 260 may periodically access a message queue [as a scan queue] to determine and/or detect whether an event message [as a request to perform a static analysis] has been placed in the message queue [or scan queue] for processing by the network-accessible services system 210. In response to determining and/or detecting an event message in the message queue [or scan queue], the event/request processing module 260 may retrieve the message event from the message queue and initiate further processing of the event message,” and Fig. 2A, Col. 9:32-10:42, “In some embodiments, the frontend 220 [possessing the scan queue via processing module 260] may receive requests and/or any other suitable information directed to a static analysis service 270 [as the security scan component], such as requests to initiate a static analysis on a particular corpus of source code. In some embodiments, requests and/or events may be processed by an event/request processing module 260 [that possesses the scan queue, and thus the scan queue [is] associated with the security scan component].), 
wherein the web interface (Col. 11:6-36) accepts a web service call to copy the selected source code into the scan queue (Col. 16:40-17:18, “For example, the API 292 may be a web-based interface implemented on a web server of the computing resource service provider 296; one or more user interfaces may be transmitted to the user computing device 102 and displayed thereon, enabling the user of the user computing device 102 to provide settings, commands [e.g., a web service call], software packages, and other user input, to the computing resource service provider 296. Such user input may be used to submit [via a web service call and thereby copy] [selected] source code and/or any other suitable information to the computing resource service provider 296 and/or to the scanning service system 294,” and Fig. 2A, Col. 9:32-10:42, “For example, the event/request processing module 260 may periodically access a message queue [as a scan queue] to determine and/or detect whether an event message [as a request to perform a static analysis] has been placed in the message queue [or scan queue] for processing by the network-accessible services system 210,” i.e., the selected source code that is submitted/copied to the storage of either scanning service system 294 or resource service provided 296 is stored in a scan queue by virtue of the message queue that correlates event messages to respective selected source codes).
Regarding the rationale to combine Gondi-Sharma-Hortala and Archer, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 5.
Regarding Claim 6
Gondi-Sharma-Hortala-Archer discloses the system of claim 1, and Gondi further discloses 
wherein: the extraction component (Col. 11:37-52) further identifies the user associated with the source code based on the user ID (Col. 9:32-10:42, “For example, the frontend 220 may determine whether the user computing device 102 associated with the request is authorized to run the static analysis specified in the request,” i.e., when the “user computing device 102” comprising a user ID is included in a zip file as metadata, see Col. 11:37-52, the extraction component decompresses the zip file to the extract the user ID, which then enables the user ID to be employed to conduct the “authoriz[ation] to run the static analysis,” which entails identif[ying] the user associated with the source code based on the user ID), and 
the listener component further identifies the selected source code (Col. 11:37-52, “A request to execute one or more functions sent by the user computing device 102 may specify one or more third-party libraries (including native libraries) to be used in the static analysis of the [selected] source code.”) as unscanned code (Col. 9:32-10:42, “For example, the event/request processing module 260 [as the listener component] may periodically access a message queue to determine and/or detect [and thereby identify] whether an event message [as a request to perform a static analysis upon unscanned code, Col. 3:18-35] has been placed in the message queue for processing by the network-accessible services system 210. In response to determining and/or detecting an event message in the message queue [that represents the identif[ication] of unscanned code], the event/request processing module 260 may retrieve the message event from the message queue and initiate further processing of the event message,” and Col. 17:44-63, “The request may be an API call including information corresponding to the requestor, the source code to be analyzed, identifying information of the source code to be analyzed (e.g., source code stored by the computing resource services system 294), etc.”) and 
submits the selected source code as unscanned code to the security scan component (Fig. 2A, 9:32-10:42, “For example, the static analysis service system 270 [as a security scan component] may receive the request and/or the [selected] source code [and was thereby submit[ted]], and may determine functions to be executed to perform the static analysis,” and Col. 17:19-38, “In other embodiments, a service of the computing resource service provider 296 may provide [and thereby submit[]] the [unscanned] source code to the scanning service system 294 [as the security scan component to perform the scan], or may store the source code or otherwise make the source code accessible by the scanning service system 294.”).
Regarding Claim 7
Gondi-Sharma-Hortala-Archer discloses the system of claim 1, and Hortala further discloses 
further comprising: an email address associated with the user ID (¶ [0033], “The notification may be a message (e.g., an email message) and/or a ticket or task to review the source code 112 and correct one or more errors in the source code that caused the proof attempt to fail,” i.e., a user of the “development team 500” possessing an email address associated with the user ID that relates to the “computing device 102” within the “metadata” (Gondi, Col. 11:37-52)), 
wherein the summary scan results report (¶ [0033]) is transmitted to the email address for review by the user (¶ [0033], “”The notification may be a message (e.g., an email message)…” for review by the user of the “development team 500” of Sharma).
Regarding the combination of Sharma and Hortala, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the scanning system of Sharma to have included the e-mail feature of Hortala. One of ordinary skill in the art would have been motivated to incorporate the e-mail feature of Hortala because Sharma teaches “[t]he security report 410 can be made to be available to a user in any suitable manner,” see Sharma ¶ [0076], and teaches Hortala teaches the well-known use of an e-mail, see Hortala ¶ [0033], that comprises a “suitable manner.”
Regarding Claim 8
Gondi-Sharma-Hortala-Archer discloses the system of claim 1, and Gondi further discloses 
wherein the selected source code is a zip file containing a set of files or at least one folder (Col. 11:37-52, “In one embodiment, the request includes a package file (for example, a compressed file, a ZIP file, a RAR file, etc.) containing the [selected] source code and any libraries [as a set of files] (and/or identifications of storage locations thereof),”).  
Regarding Claim 13
Gondi-Sharma-Hortala-Archer discloses the computer-implemented method of claim 9, and Gondi further discloses
further comprising: …1.
a …initiating a security scan on the selected source code… (Col. 2:39-56, “Referring to FIG. 1, embodiments of the present disclosure may operate within or upon a computing environment 100 in which users (e.g., developers, website visitors, etc.) of user computing devices 102A and 102B may [initiat[e] and] submit [selected] source code (e.g., source code 110 and 112) for analysis [or scanning] to one or more servers (e.g., servers 120A and 120B) that may execute one or more static analysis programs (e.g., static analysis programs 170A and 170B),” and Col. 16:60-17:18, “Within the computing environment 290, the [security] scanning service system 294 may perform static analysis of [the selected] source code”)
Archer further discloses
	1 presenting a right mouse button menu option for …a via a single activation of a mouse button (¶¶ [0022]-[0023], “The GUI 105 can allow user requests through buttons, tabs, menus, mouse-clicks, and other user interactive methods,” noting Archer doesn’t explicitly disclose “a right mouse button menu option” and “a single activation of a mouse button,” but these limitations are routinely used in computing and would be obvious to one skilled in the art.  See See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”). 
	Regarding the combination of Gondi-Sharma-Hortala and Archer, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 13.
Regarding Claim 16
Gondi-Sharma-Hortala-Archer discloses the computer-implemented method of claim 16, and Gondi further discloses 
further comprising: receiving user login information at a backend to log to the results component (Col. 3:18-55, “while in other embodiments the IDE and/or the system may be based on and/or executing from one or more servers (e.g., the servers 120A-B [as the backend] or another application server) that are remote from the user devices 102A-B (i.e., a cloud-based system),” Col. 7:57-8:4, “For example, the network-accessible services system 210 or various constituents thereof could implement various Web services components, hosted or “cloud” computing environments [that require user login information], and/or peer-to-peer network configurations to implement at least a portion of the processes described herein,” and Col. 15:23-46, “In some embodiments, electronic data store 280 may be used to store results [associated with the results component as further disclosed by Hortala ¶ [0033]], generated during the static analysis by the network-accessible services system 210,” i.e., Gondi and Hortala are silent about a login to the backend of a computer system within the cloud; however, it would be obvious to one skilled in the art that a login is a basic component of cloud/computer security to prevent unauthorized access to data, such as that possessed by the results component, see MPEP § 2141(III)); and 
in response to receiving the user login information at the backend to log in (Cols. 3:18-55, 7:57-8:4, & 15:23-46), displaying the summary scan results report to the user (Col. 19:3-14, “At 406, the system can generate results of the static analysis of the first source code for review by a [authenticated] user of the system (e.g., a developer). In some embodiments, the results can be formatted in any suitable format according to the analysis techniques applied, the file and operating systems of the target application(s), user-supplied parameters, and the like,” i.e., it would be obvious to one skilled in the art to authenticate the user by at least employing user login information to review results to prevent the unauthorized access to data/results).

Regarding Independent Claims 9 and 17
With respect to independent claims 9 and 17, a corresponding reasoning as given earlier for independent claim 1 and dependent claim 7 (with respect to e-mail address/account as a limitation that is absent in claim 1) applies, mutatis mutandis, to the subject matter of claims 9 and 17. Therefore, claims 9 and 17 are rejected, for similar reasons, under the grounds set forth for claims 1 and 7.
Regarding Dependent Claims 10 and 18
With respect to dependent claims 10 and 18, a corresponding reasoning as given earlier for dependent claim 2 applies, mutatis mutandis, to the subject matter of claims 10 and 18. Therefore, claims 10 and 18 are rejected, for similar reasons, under the grounds set forth for claim 2. 
Regarding Dependent Claim 11
With respect to dependent claim 11, a corresponding reasoning as given earlier for dependent claim 3 applies, mutatis mutandis, to the subject matter of claim 11. Therefore, claim 11 is rejected, for similar reasons, under the grounds set forth for claim 3. 
Regarding Dependent Claim 12
With respect to dependent claim 12, a corresponding reasoning as given earlier for dependent claim 6 applies, mutatis mutandis, to the subject matter of claim 12. Therefore, claim 12 is rejected, for similar reasons, under the grounds set forth for claim 6.


Regarding Dependent Claim 14
With respect to dependent claim 14, a corresponding reasoning as given earlier for dependent claim 4 applies, mutatis mutandis, to the subject matter of claim 14. Therefore, claim 14 is rejected, for similar reasons, under the grounds set forth for claim 4.
Regarding Dependent Claim 15
With respect to dependent claim 15, a corresponding reasoning as given earlier for dependent claim 5 applies, mutatis mutandis, to the subject matter of claim 15. Therefore, claim 15 is rejected, for similar reasons, under the grounds set forth for claim 5.
Regarding Dependent Claim 19
With respect to dependent claim 19, a corresponding reasoning as given earlier for dependent claim 8 applies, mutatis mutandis, to the subject matter of claim 19. Therefore, claim 19 is rejected, for similar reasons, under the grounds set forth for claim 8.
Regarding Dependent Claim 20
With respect to dependent claim 20, a corresponding reasoning as given earlier for dependent claim 7 applies, mutatis mutandis, to the subject matter of claim 20. Therefore, claim 20 is rejected, for similar reasons, under the grounds set forth for claim 7.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491