DETAILED ACTION
This action is in response to the initial claims filed 5/15/2020.  Claims 1-19 are pending.  Independent claims 1, 10 and 19, and corresponding dependent claims are directed towards a system, method and non-transitory computer-readable medium for blocking insecure code with locking.  Claims 10-19 are allowed.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Information Disclosure Statement
The information disclosure statement filed 8/9/2021 fails to comply with 37 CFR 1.98(a)(2), which requires a legible copy of each cited foreign patent document; each non-patent literature publication or that portion which caused it to be listed; and all other information or that portion which caused it to be listed.  The IDS has been considered, but the specific references cited below have not been considered:	“Transferring Data Between Plesk Servers” – copy is not legible.
Specification
The disclosure is objected to because of the following informalities: pg. 1 l. 18 there is an open parenthesis “(“ with no corresponding closed parenthesis “)”; pg. 6 l. 16 the acronym API is not expanded; pg. 7 l. 2 “of the software artifact 202 that correspond to the vulnerability 304” as the term “without” does not make sense in the context of the sentence; pg. 9 l. 4 “ensure that myArray[i] has sufficient memory allocated” for grammar; and pg. 10 ll. 8-9 “For example, where encryption is used” for grammar.	Appropriate correction is required.
Claim Objections
Claims 10 and 19 are objected to because of the following informalities, shown with suggested amendments:  Claim 10 l. 4 “produce” should be “producing”; Claim 19 l. 6 “produce” should be “producing”.	Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-9 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter.
Regarding claim 1, the claimed invention is drawn to a “system” comprising a “repository interface”, a “security scanner” and an “encoder”.  Which can be broadly interpreted as various types of software (software modules, virtualized hardware, data, programming code, etc.).  Thus, it is not clear whether the claimed elements of the “system” are tangibly-embodied structural features, or software, per se.  As such the invention does not fall within at least one of the four categories of patent eligible subject matter recited in 35 U.S.C § 101 (process, machine, manufacture or composition of matter).
Claims 2-9 further fail to recite any positive structural limitations to overcome the 35 U.S.C. §101 issues of claim 1 discussed above, and are also rejected.
Allowable Subject Matter
Claims 10-19 allowed.
Claim 1 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. § 101, set forth in this Office action.
Claims 2-9 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. § 101, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:
Regarding claims 1, 10 and 19, and their dependent claims, the prior art of record fails to disclose or fairly suggest, in combination, a system, method or non-transitory computer-readable medium in which an artifact for building a software asset retrieved from a repository, scanned for a security vulnerability, then if a security vulnerability is detected the artifact is reversibly modified such that it is unusable for building the software asset to replace the original asset in the repository, in the specific manner and combination as recited in claims 1, 10 and 19.
The closest prior art of record, Pandit et al. (US 2019/0250893 A1) is related to performing amelioration actions on undesired code used in an application based upon risk.  Amelioration actions include modification & deletion of code and prevention of compilation.  Pandit fails to disclose scanning for vulnerabilities and modification by replacement of code such that the code is “unusable for building”.
Another prior art of record, Norton et al. (US 10,628,584 B1) is related to static analysis of source code and rejection of compilation of code with detected vulnerabilities.  Norton fails to disclose modification by replacement of code such that the code is “unusable for building”.
Another prior art of record, Stella et al. (US 2014/0053273 A1) is related to limiting exploitable sub-components in software. By removing the exploitable sub-component or linkage to sub-component from a calling component.  No modification of the component or replacement in the repository is disclosed.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Gondi (US 10,459,822 B1) is related to remote static analysis of source code.
Sharma et al. (US 2016/0180096 A1) is related to static analysis of code for security vulnerabilities.
Archer et al. (US 2014/0208431 A1) is related to security analysis of software.
Papaxenopoulos et al. (US 2018/0336356 A1) is related to auto-remediation for security vulnerabilities in source code.
Siman (US 2010/0083240 A1) is related to scanning obfuscated source code.
Barouni Ebrahimi et al. (US 2018/0293386 A1) is related to scanning for security vulnerabilities then disabling portions of code associated with detected vulnerabilities.
Hill et al. (US 9,208,316 B1) is related to removing security vulnerabilities from source code.
Bates et al. (US 9,720,657 B2) is related to management of code assertions.
Rohde et al. (US 2010/0325620 A1) is related to detection of injection vulnerabilities in software code.
Merrill et al. (US 8,943,423 B2) is related to a software development application that will not allow building of an application while detected errors are unresolved.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC W SHEPPERD whose telephone number is (571)270-5654.  The examiner can normally be reached on Monday - Thursday, Alt. Friday, 7:30AM - 5:00PM, EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Eric W Shepperd/Primary Examiner, Art Unit 2492