DETAILED ACTION
This action is in response to the initial claims filed 12/22/2020.  Claims 1-20 are pending.  Independent claims 1, 8 and 16, and corresponding dependent claims are directed towards a system, method and device for correlation between source code repositories and web endpoints.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Specification
The disclosure is objected to because of the following informalities:
    [0002] the first recitation of the acronyms HTTP, HTTPS, JSON and HTML are not expanded;
    [0005] the first recitation of the acronym DOM is not expanded;
    [0026] the first recitation of the acronym XML is not expanded;
    [0027] the first recitation of the acronym URL is not expanded;
    [0029] the first recitation of the acronym API is not expanded;
    [0037] the first recitation of the acronym JS is not expanded;
    [0047] the first recitation of the acronym XHTML is not expanded;
    [0058] l. 5 “version 1” should read “version v1”;
    [0075] the first recitation of the acronyms RAM, ROM, EEPROM and CD-ROM are not expanded; and
    [0080] l. 1 “A system is disclosed comprising: one or more processor; and a memory; one or more programs…” should read “A system is disclosed comprising: one or more processor; [[and]] a memory; and one or more programs…” for grammar.
Appropriate correction is required.
Claim Objections
Claims 1-2 and 11-12 are objected to because of the following informalities, shown with suggested amendments:
    Claim 1 l. 2 “one or more processors; [[and]] a memory; and” for grammar as “memory” is not the last element of the list;
    Claim 2 l. 3 “identity” should be “identify”;
    Claim 11 ll. 2-3 recite “applying a weight to each unique token of the source code repository and each unique token of the web endpoint”, however, the “weight” values are never used for computation or matching; and
    Claim 12 ll. 1-3 further limits the “weight” values, but they are not used for computation or matching.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-7 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Claim 1 ll. 13-15 recites “relate, the source code repository with the web endpoint and/or the web endpoint with the source code repository, upon a high correlation detected between the fingerprints of the source code repository and the fingerprints of the web endpoint” of which the term “high correlation” is a relative term which renders the claim indefinite. The term “high correlation” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.  As such, the “relate” step of claim 1 is rendered indefinite.  However, per [0057] of the specification, the term “high” is defined in association with the term “correlation coefficient” as a value that exceeds a threshold.  Therefore, for purposes of applying prior art the limitation has been construed as “relate, the source code repository with the web endpoint and/or the web endpoint with the source code repository, upon a high correlation coefficient computed  between the fingerprints of the source code repository and the fingerprints of the web endpoint” (Claim 16 used as guidance).
Claims 2-7 incorporate the deficiencies of claim 1, through dependency, and are therefore also rejected.
Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 16-20 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter.
Regarding claim 16, the claimed invention is drawn to a “device” comprising a “processor”, which can be broadly interpreted as various types of software (software modules, virtualized hardware, data, programming code, etc.).  Although the claimed “processor” is coupled to an unclaimed “memory”, the “processor” could embody a virtual device/virtual processor that is coupled/interfaced via unclaimed hardware to the memory.  Thus, it is not clear whether the “processor” of the “device” is a tangibly-embodied structural feature, or software, per se.  As such the invention does not fall within at least one of the four categories of patent eligible subject matter recited in 35 U.S.C § 101 (process, machine, manufacture or composition of matter).  Examiner notes that claiming the “memory” or indicating the processor is “hardware” (e.g. “hardware processor”) would overcome the rejection provided there is support within the disclosure.
Claims 17-20 further fail to recite any positive structural limitations to overcome the 35 U.S.C. §101 issues of claim 16 discussed above, and are also rejected.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 16-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Krishnan et al. (US 2020/0153850 A1), published May 14, 2020.

As to claim 16, Krishnan discloses a device (Krishnan Fig. 1 item 101 computing system with centralized trust authority), comprising:
    a processor (Krishnan Fig. 6 item 601; [0052] processor) coupled to a memory (Krishnan Fig. 6 item 603; [0053] medium);
    wherein the processor is configured to execute instructions stored in the memory (Krishnan Fig. 6 item 605; [0053] medium storing software for execution) that perform acts that:
        aggregate unique tokens found in source code files of a source code repository (Krishnan [0024] determine unique identities for registered web resources; [0030] fingerprints for identifying web objects including values of variable and constants; [0038] static analysis of source code) and unique tokens found in content of a web endpoint (Krishnan [0030] web object submitted is uniquely identified using fingerprints including values of variable and constants);
        compute a correlation coefficient for the source code repository and the web endpoint, wherein a high correlation coefficient represents an association between the source code repository and the web endpoint, wherein the correlation coefficient is based on a number of matches between the unique tokens of the source code repository and the unique tokens of the web endpoint (Krishnan [0029]-[0030] security profile for web objects maintained by centralized trust authority indexed by unique identities – queried by third party with web object, fuzzy fingerprint matching (i.e. fingerprinting where degree of similarity reaches a threshold, high correlation – degree of acceptable tolerance defined by user)); and
        upon detection of a security vulnerability with the source code repository or the web endpoint, use the correlation coefficient of the source code repository or the web endpoint to find a related source code repository or related web endpoint (Krishnan [0043] third party supplies web page for analysis and matching security profile (showing vulnerabilities of related source code) is returned to third party).
As to claim 17, Krishnan discloses the invention as claimed as described in claim 16, including wherein the processor is configured to execute instructions stored in the memory to perform acts that:	aggregate public-facing entities of the source code files of the source code repository (Krishnan [0038] unique identities determined from dependency analysis between components, libraries and runtime parameters) and public-facing entities of the web endpoint (Krishnan [0030]; [0038] unique identities determined from dependency analysis between components, libraries and runtime parameters); and	wherein the computation of the correlation coefficient is based further on a number of matches of the public-facing entities of the source code repository with the public-facing entities of the web endpoint (Krishnan [0029]-[0030] security profile for web objects maintained by centralized trust authority indexed by unique identities – queried by third party with web object, fuzzy fingerprint matching (i.e. fingerprinting where degree of similarity reaches a threshold, high correlation – degree of acceptable tolerance defined by user)).
As to claim 18, Krishnan discloses the invention as claimed as described in claim 16, including wherein the processor is configured to execute instructions stored in the memory to perform acts that:	aggregate attribute-value pairs from Document Object Model (DOM) elements of a rendered web page of the web endpoint (Krishnan [0030] abstract syntax tree of web page submitted for analysis/comparison  – abstract syntax tree of a web resource is effectively a DOM tree; [0024] leaf nodes of abstract syntax trees have values) and attribute-values pairs of DOM elements of a source code repository (Krishnan [0024] & [0038] object fingerprinting algorithms and the creation of abstract syntax trees used to determine unique identity for web resource – abstract syntax tree of a web resource is effectively a DOM tree; [0024] leaf nodes of abstract syntax trees have values); and	wherein the computation of the correlation coefficient is based further on a number of matches of the attribute-value pairs of a web endpoint with the attribute-value pairs of the source code repository (Krishnan [0029]-[0030] security profile for web objects maintained by centralized trust authority indexed by unique identities – queried by third party with web object, fuzzy fingerprint matching (i.e. fingerprinting where degree of similarity reaches a threshold, high correlation – degree of acceptable tolerance defined by user)).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-5, 8-10 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (US 2020/0153850 A1), published May 14, 2020, in view of Holz et al. (US 2018/0157842 A1), published Jun. 7, 2018.

As to claim 1, Krishnan substantially discloses a system (Krishnan Fig. 1 item 101 computing system with centralized trust authority) comprising:
    one or more processors (Krishnan Fig. 6 item 601; [0052] processor);
    a memory (Krishnan Fig. 6 item 603; [0053] medium); and
    one or more programs, wherein the one or more programs are stored in the memory and are configured to be executed by the one or more processors (Krishnan Fig. 6 item 605; [0053] medium storing software), the one or more programs including instructions that:
        find fingerprints of a source code repository (Krishnan [0018] continued ingestion of source code from open-source repositories; [0014] object fingerprinting techniques), wherein the fingerprints of the source code repository include at least one of a unique combination of public-facing entities of the source code repository (Krishnan [0038] unique identities determined from dependency analysis between components, libraries and runtime parameters), unique tokens of the source code repository (Krishnan [0030] fingerprints for identifying web objects including values of variable and constants; [0038] static analysis of source code), or unique Document Object Model (DOM) characteristics of the source code repository (Krishnan [0024] & [0038] object fingerprinting algorithms and the creation of abstract syntax trees used to determine unique identity for web resource – abstract syntax tree of a web resource is effectively a DOM tree);
        find fingerprints of a web endpoint (Krishnan [0030] compare fingerprints of submitted web object with stored fingerprints of web resources), wherein the fingerprints of the web endpoint include at least one of a unique combination of public-facing entities of the web endpoint (Krishnan [0030]; [0038] unique identities determined from dependency analysis between components, libraries and runtime parameters), unique tokens of the web endpoint (Krishnan [0030] fingerprints for identifying web objects including values of variable and constants), or unique DOM characteristics of the web endpoint (Krishnan [0030] abstract syntax tree);
        relate, the source code repository with the web endpoint and/or the web endpoint with the source code repository, upon a high correlation detected between the fingerprints of the source code repository and the fingerprints of the web endpoint (Krishnan [0029]-[0030] security profile for web objects maintained by centralized trust authority indexed by unique identities – queried by third party with web object, fuzzy fingerprint matching (i.e. fingerprinting where degree of similarity reaches a threshold, high correlation); [0043] third party supplies web page for analysis and matching security profile is returned to third party);
        detect a security vulnerability with the web endpoint, identify the related source code repository (Krishnan [0043] third party supplies web page for analysis, any matching web resources (repositories) are identified, and security profile describing found vulnerabilities of both third party web page and associated web resource is returned to third party); and
        detect a security vulnerability with the source code repository, identify the related web endpoint (Krishnan [0043] third party supplies web page for analysis, any matching web resources (repositories) are identified, and security profile describing found vulnerabilities of both third party web page and associated web resource is returned to third party).
Krishnan fails to disclose upon detection of a security vulnerability with the web endpoint, identify the related source code repository; and upon detection of a security vulnerability with the source code repository, identify the related web endpoint.
Holz describes amalgamating code vulnerabilities across projects.
With this in mind, Holz discloses upon detection of a security vulnerability via a scan of an application or source code (Holz [0029] scan plurality of applications and identify security vulnerability in the source code of one application; [0114] identify security vulnerability via SAST (source code), IAST (while application is run) or DAST scans (while application is run)), identifying related source code and any applications using the source code (Holz [0034] source code repository and management (SCRAM) system, stores and tracks versions of source code, and instances of source code in various applications; [0035] repository vulnerability cataloging system that correlates the output from an application scanner with that of the SCRAM system to identify insecure source code and consumers of source code; Fig. 4E; [0118] viewing source code 420 having the security vulnerability and a graphical representation of the applications where the source code & vulnerability across multiple applications are located).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the correlation and tracking system of Holz with the centralized trust authority of Krishnan, such that web endpoints are scanned and correlated to source code and other web endpoints using the source code, as it would advantageously make it easier to identify where discovered security vulnerabilities reside (Holz [0027]).
As to claim 2, Krishnan and Holz disclose the invention as claimed as described in claim 1, including wherein the one or more programs include further instructions that:	identity the unique combination of public-facing entities of the web endpoint through DOM web scraping (Krishnan [0043] scraping techniques used to fetch all web object used in submitted web page).
As to claim 4, Krishnan and Holz disclose the invention as claimed as described in claim 1, including wherein the unique tokens of the source code repository include static values of source code files of the source code repository (Krishnan [0030] values of constants).
As to claim 5, Krishnan and Holz disclose the invention as claimed as described in claim 1, including wherein the unique tokens of the web endpoint include attribute-value pairs of a rendered web page (Holz [0043] user supplies web page for analysis which is scraped for web objects, libraries, scripts, etc. which are used to query central trust authority via API calls; [0030] queries have identifying information that is compared against web resources, including variable values).
As to claim 8, Krishnan substantially discloses a method (Krishnan [Abstract]), performed on a computing device (Krishnan Fig. 1 item 101 computing system with centralized trust authority) having a processor and a memory (Krishnan Fig. 6 item 601 and 603; [0052] processor; [0053] medium), the method comprising:
    identifying a relationship between a web endpoint and a source code repository based on fingerprints of the source code repository matching fingerprints of the web endpoint (Krishnan [0029]-[0030] security profile for web objects maintained by centralized trust authority indexed by unique identities – queried by third party with web object, fuzzy fingerprint matching (i.e. fingerprinting where degree of similarity reaches a threshold, high correlation); [0043] third party supplies web page for analysis and matching security profile is returned to third party), wherein the fingerprints of the source code repository include unique tokens found in source code files of the source code repository (Krishnan [0030] fingerprints for identifying web objects including values of variable and constants; [0038] static analysis of source code), wherein the fingerprints of the web endpoint include unique tokens found in dynamic content of the web endpoint (Krishnan [0030] fingerprints for identifying web objects including values of variable and constants; [0019] dynamic analysis);
    detection of a security vulnerability with the source code repository (Krishnan [0014] determine vulnerabilities of registered web resources);
    obtaining a web endpoint for analysis of a security vulnerability with the web endpoint (Krishnan [0043] third party supplies web page for analysis, upon analysis a matching security profile with any found vulnerabilities is returned to third party); and
    detection of a security vulnerability with the web endpoint (Krishnan [0040] submitted web page not found in repository, analyze web page to create security profile which would have discovered vulnerabilities);
    obtaining a source code repository for analysis of a security vulnerability with the source code repository (Krishnan [0018] third-party makes their web objects (repositories) publicly available which are continuously crawled and downloaded into web resources).
Krishnan fails to explicitly disclose upon detection of a security vulnerability with the source code repository, obtaining the related web endpoint for analysis of the security vulnerability with the related web endpoint; and upon detection of a security vulnerability with the web endpoint, obtaining the related source code repository for analysis of the security vulnerability with the related source code repository.
Holz discloses upon detection of a security vulnerability via a scan of an application or source code (Holz [0029] scan plurality of applications and identify security vulnerability in the source code of one application; [0114] identify security vulnerability via SAST (source code), IAST (while application is run) or DAST scans (while application is run)), obtaining related source code and any information of applications using the source code (Holz [0034] source code repository and management (SCRAM) system, stores and tracks versions of source code, and instances of source code in various applications; [0035] repository vulnerability cataloging system that correlates the output from an application scanner with that of the SCRAM system to identify insecure source code and consumers of source code; Fig. 4E; [0118] viewing source code 420 having the security vulnerability and a graphical representation of the applications where the source code & vulnerability across multiple applications are located; [0042] obtaining security vulnerability information at a larger scale is made available for viewing and processing including automated patching/fixing of multiple instances of security vulnerabilities across consumers).
It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the correlation and tracking system of Holz with the centralized trust authority of Krishnan, such that web endpoints are scanned and correlated to source code and other web endpoints using the source code, and that vulnerability information relating to the source code and web endpoint is made available for processing, as it would advantageously make it easier to remediate security vulnerabilities across multiple projects by automating remediation and identifying responsible parties (Holz [0028]).
As to claim 9, Krishnan and Holz disclose the invention as claimed as described in claim 8, including wherein the fingerprints of the source code repository include unique combinations of publicly-facing entities of the source code repository (Krishnan [0038] unique identities determined from dependency analysis between components, libraries and runtime parameters), wherein the fingerprints of the web endpoint include unique combinations of public-facing entities of the web endpoint (Krishnan [0030]; [0038] unique identities determined from dependency analysis between components, libraries and runtime parameters).
As to claim 10, Krishnan and Holz disclose the invention as claimed as described in claim 8, including wherein the dynamic content of the web endpoint includes attribute-value pairs of a rendered web page of the web endpoint (Holz [0043] user supplies web page for analysis which is scraped for web objects, libraries, scripts, etc. which are used to query central trust authority via API calls; [0030] queries have identifying information that is compared against web resources, including variable values).
As to claim 14, Krishnan and Holz disclose the invention as claimed as described in claim 9, including further comprising:	matching a combination of publicly-facing entities based on a version of a publicly-facing entity of the source code repository matching a same or later version of a same publicly-facing entity of the web endpoint (Krishnan [0024] matching version numbers of web resources).
As to claim 15, Krishnan and Holz disclose the invention as claimed as described in claim 8, including wherein the unique tokens of the source code repository are static values (Krishnan [0030] values of constants), wherein the unique tokens of the web endpoint are attribute-value pairs of a Document Object Model (DOM) element (Krishnan [0030] abstract syntax tree of web page submitted for analysis/comparison  – abstract syntax tree of a web resource is effectively a DOM tree; [0024] leaf nodes of abstract syntax trees have values).
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (US 2020/0153850 A1), published May 14, 2020, in view of Holz et al. (US 2018/0157842 A1), published Jun. 7, 2018, in view of Stackoverflow “Displaying a NuGet package's dependencies”, published Jan. 17, 2017.
As to claim 3, Krishnan and Holz substantially disclose the invention as claimed as described in claim 1, including wherein the one or more programs include further instructions that: identify the unique combination of public-facing entities of the source code repository through package lists (Krishnan [0036] web resources package list and JavaScript library package list are processed to extract the identified resources for analysis).	Krishnan and Holz fail to explicitly disclose using package managers to identify public-facing entities.	Stackoverflow describes how to display a package’s dependencies. 	With this in mind, Stackoverflow discloses using package managers to identify public-facing entities (Stackoverflow pg. 1 Answer 1 showing use of a package manager to list a package’s dependencies).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the use of a package manager of Stackoverflow with the crawling and web scraping of Krishnan and Holz, such that public-facing entities (i.e. libraries or dependencies) of packages (i.e. archive file for deployment) are discovered using a package manager, as it would advantageously allow for access to an otherwise inaccessible package and any dependencies that might otherwise be missed.
Claims 6, 11 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (US 2020/0153850 A1), published May 14, 2020, in view of Holz et al. (US 2018/0157842 A1), published Jun. 7, 2018, in view of Martini et al. (US 9,390,268 B1), issued Jul. 12, 2016.
As to claim 6, Krishnan and Holz substantially disclose the invention as claimed as described in claim 1, including identify a relationship between the source code repository and the web endpoint based on fingerprints of the source code repository that match fingerprints of the web endpoint (Krishnan [0043] third party supplies web page for analysis and matching security profile (showing vulnerabilities of related source code) is returned to third party).
Krishnan and Holz fail to explicitly disclose applying a weight to each fingerprint; and identifying a relationship based on a weighted sum of fingerprints that match.
Martini describes software program identification based on program behavior.
With this in mind, Martini discloses applying a weight to each signature; and identifying based on a weighted sum of fingerprints that match (Martini col. 10 ll. 26-50 each signature can be assigned a mark and a summation of all marked signatures weights may be made, which is compared to a threshold to determine a metric).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the signature weighting of Martini with the web resource and web object fuzzy matching of Krishnan, such that weight values are assigned to various matching elements (i.e. tokens) and used to influence the identification of a match and a relationship, as it would advantageously allow for biasing a matching process to produce more effective results (Martini col. 3 ll. 16-30).
As to claim 11, Krishnan and Holz substantially disclose the invention as claimed as described in claim 8, including further comprising:
    computing a correlation coefficient based on unique tokens of the source code repository (Krishnan [0030] fingerprints for identifying web objects including values of variable and constants; [0038] static analysis of source code) matching unique tokens of the web endpoint (Krishnan [0030] fingerprints for identifying web objects including values of variable and constants; [0029]-[0030] security profile for web objects maintained by centralized trust authority indexed by unique identities – queried by third party with web object, fuzzy fingerprint matching (i.e. fingerprinting where degree of similarity reaches a threshold, high correlation – degree of acceptable tolerance defined by user)); and
    relating the web endpoint to the source code repository based on the correlation coefficient (Krishnan [0043] third party supplies web page for analysis and matching security profile (showing vulnerabilities of related source code) is returned to third party).
Krishnan and Holz fail to explicitly disclose applying a weight to each unique token of the source code repository and each unique token of the web endpoint.
Martini discloses applying a weight to each signature; and wherein the computation of the correlation coefficient is a weighted sum of the matches (Martini col. 10 ll. 26-50 each signature can be assigned a mark and a summation of all marked signatures weights may be made, which is compared to a threshold to determine a metric).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the signature weighting of Martini with the web resource and web object fuzzy matching of Krishnan and Holz, such that weight values are assigned to various matching elements (i.e. tokens) and used to influence the identification of a match and a relationship, as it would advantageously allow for biasing a matching process to produce more effective results (Martini col. 3 ll. 16-30).
As to claim 13, Krishnan and Holz substantially disclose the invention as claimed as described in claim 9, including further comprising: establishing a relationship between the web endpoint and the source code repository based on matched fingerprints (Krishnan [0043] third party supplies web page for analysis and matching security profile (showing vulnerabilities of related source code) is returned to third party)).	Krishnan and Holz fail to explicitly disclose applying a weight to each fingerprint; and establishing a relationship based on a weighted sum of matched fingerprints	Martini discloses applying a weight to each signature; and establishing based on a weighted sum of matched fingerprints (Martini col. 10 ll. 26-50 each signature can be assigned a mark and a summation of all marked signatures weights may be made, which is compared to a threshold to determine a metric).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the signature weighting of Martini with the web resource and web object fuzzy matching of Krishnan and Holz, such that weight values are assigned to various matching elements (i.e. tokens) and used to influence the identification of a match and a establish a relationship, as it would advantageously allow for biasing a matching process to produce more effective results (Martini col. 3 ll. 16-30).
Claims 7 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (US 2020/0153850 A1), published May 14, 2020, in view of Holz et al. (US 2018/0157842 A1), published Jun. 7, 2018, in view of Martini et al. (US 9,390,268 B1), issued Jul. 12, 2016, in view of Ponte (US 2005/0108325 A1), published May 19, 2005.
As to claim 7, Krishnan, Holz and Martini substantially disclose the invention as claimed as described in claim 6, failing, however, to explicitly disclose wherein the weight of a unique token of the source code repository and a unique token of the web endpoint is based on frequency of occurrence of a value of the unique token.	Ponte describes page aggregation for web sites.	With this in mind, Ponte discloses assigning a weight based upon frequency of occurrence of a value (Ponte [0126] terms found in a web page assigned score based on frequency of occurrence in relevant pages – used to determine if term is common by comparing this score to a score of the term based upon frequency of occurrence in non-relevant pages).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the frequency weighting of Ponte with the fingerprint matching of Krishnan, Holz and Martini, such that the weight assigned to values is based upon the frequency of that value’s occurrence, as it would advantageously assist in separating values able to uniquely identify from values that are considered common and non-identifying (Ponte [0126]).
As to claim 12, Krishnan, Holz and Martini substantially disclose the invention as claimed as described in claim 11, failing, however, to explicitly disclose generating the weight of each unique token based on a frequency of occurrence of a unique token.	Ponte discloses assigning a weight based upon frequency of occurrence of a value (Ponte [0126] terms found in a web page assigned score based on frequency of occurrence in relevant pages – used to determine if term is common by comparing this score to a score of the term based upon frequency of occurrence in non-relevant pages).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the frequency weighting of Ponte with the fingerprint matching of Krishnan, Holz and Martini, such that the weight assigned to values is based upon the frequency of that value’s occurrence, as it would advantageously assist in separating values able to uniquely identify from values that are considered common and non-identifying (Ponte [0126]).
Claims 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (US 2020/0153850 A1), published May 14, 2020, in view of Martini et al. (US 9,390,268 B1), issued Jul. 12, 2016.
As to claim 19, Krishnan substantially discloses the invention as claimed as described in claim 16, including wherein the computation of the correlation coefficient is a sum of the matches between the unique tokens of the source code repository and the unique tokens of the web endpoint (Krishnan [0029]-[0030] security profile for web objects maintained by centralized trust authority indexed by unique identities – queried by third party with web object, fuzzy fingerprint matching (i.e. fingerprinting where degree of similarity reaches a threshold, high correlation); [0043] third party supplies web page for analysis and matching security profile is returned to third party).	Krishnan fails to explicitly disclose applying a weight to each unique token; and wherein the computation of the correlation coefficient is a weighted sum of the matches.	Martini discloses applying a weight to each signature; and wherein the computation of the correlation coefficient is a weighted sum of the matches (Martini col. 10 ll. 26-50 each signature can be assigned a mark and a summation of all marked signatures weights may be made, which is compared to a threshold to determine a metric).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the signature weighting of Martini with the web resource and web object fuzzy matching of Krishnan, such that weight values are assigned to various matching elements (i.e. tokens) and used to influence the identification of a match, as it would advantageously allow for biasing a matching process to produce more effective results (Martini col. 3 ll. 16-30).
As to claim 20, Krishnan substantially discloses the invention as claimed as described in claim 17, including wherein the computation of the correlation coefficient is a sum of the matches between the unique tokens of the source code repository and the unique tokens of the web endpoint and matches between the unique combination of public-facing entities of the source code repository and the public-facing entities of the web endpoint (Krishnan [0029]-[0030] security profile for web objects maintained by centralized trust authority indexed by unique identities – queried by third party with web object, fuzzy fingerprint matching (i.e. fingerprinting where degree of similarity reaches a threshold, high correlation); [0043] third party supplies web page for analysis and matching security profile is returned to third party).	Krishnan fails to explicitly disclose applying a weight to each public-facing entity; and wherein the computation of the correlation coefficient is a weighted sum of the matches.	Martini discloses applying a weight to each signature; and wherein the computation of the correlation coefficient is a weighted sum of the matches (Martini col. 10 ll. 26-50 each signature can be assigned a mark and a summation of all marked signatures weights may be made, which is compared to a threshold to determine a metric).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the signature weighting of Martini with the web resource and web object fuzzy matching of Krishnan, such that weight values are assigned to various matching elements (i.e. libraries) and used to influence the identification of a match, as it would advantageously allow for biasing a matching process to produce more effective results (Martini col. 3 ll. 16-30).
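The following Python sketch is an added illustration and is not part of this Office action, the application, or any cited reference. It shows the general technique discussed in the rejections of claims 11, 12 and 19: a correlation coefficient computed as a weighted sum of matched tokens, with frequency-based weights, compared to a threshold. The function names, the smoothed inverse-frequency formula, the normalisation, the 0.5 threshold and all sample tokens are assumptions constructed for the example.

```python
import math
from collections import Counter

# Constructed sample data: tokens extracted from three hypothetical repositories.
REPOS = {
    "billing-ui": {"jquery", "bootstrap", "csrf_token", "/api/v1/invoices",
                   "invoice-table", "BILLING_BUILD_7f3"},
    "support-portal": {"jquery", "bootstrap", "csrf_token", "/api/v1/tickets",
                       "ticket-form"},
    "marketing-site": {"jquery", "bootstrap", "hero-banner",
                       "/newsletter/signup"},
}
# Constructed tokens observed in one web endpoint's response.
ENDPOINT = {"jquery", "bootstrap", "csrf_token", "/api/v1/invoices",
            "invoice-table", "ga-tracker"}

def token_weights(repos):
    """Frequency-based weight: tokens seen in many repositories count less."""
    n = len(repos)
    df = Counter(tok for tokens in repos.values() for tok in tokens)
    # Assumed smoothed inverse-frequency formula; a token in every repo gets 0.
    return {tok: math.log((1 + n) / (1 + c)) for tok, c in df.items()}

def correlation(repo_tokens, endpoint_tokens, weights=None):
    """Weighted sum of matched tokens, normalised by the repo's total weight."""
    w = (lambda t: 1.0) if weights is None else (lambda t: weights.get(t, 0.0))
    total = sum(w(t) for t in repo_tokens)
    if total == 0:  # repository holds only common, non-identifying tokens
        return 0.0
    return sum(w(t) for t in repo_tokens & endpoint_tokens) / total

def relate(endpoint_tokens, repos, threshold=0.5, weighted=True):
    """Return (best_repo or None, scores); related only if score >= threshold."""
    weights = token_weights(repos) if weighted else None
    scores = {name: correlation(toks, endpoint_tokens, weights)
              for name, toks in repos.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None), scores

if __name__ == "__main__":
    for mode in (False, True):
        best, scores = relate(ENDPOINT, REPOS, weighted=mode)
        print("weighted" if mode else "unweighted", best,
              {k: round(v, 2) for k, v in scores.items()})
```

With the constructed data, an unweighted sum puts all three repositories at or above the threshold because they share common library tokens, while the frequency-weighted sum leaves only the repository whose rare tokens appear in the endpoint.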
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Herman et al. (US 2020/0142674 A1) is related to parsing web endpoint source code.
Berg et al. (US 2007/0234304 A1) is related to detecting vulnerabilities in source code.
Shekyan et al. (US 2019/0007444 A1) is related to vulnerability mitigation in web content.
Gass et al. (US 2011/0283270 A1) is related to analyzing changes in application code.
Richardson et al. (US 2017/0147810 A1) is related to determining source of side-loaded software using signature of authorship.
Chawla et al. (US 2018/0191764 A1) is related to automatic-webpage change detection.
Kane et al. (US 2014/0281535 A1) is related to preventing information from being extracted from a webpage.
Carmack et al. (US 2018/0074818 A1) is related to source code mapping web requests of a running application.
Madou et al. (US 2013/0160131 A1) is related to application security testing.
Gonzalez et al. (US 2012/0180024 A1) is related to synchronizing development code and deployed executable versioning with distributed systems.
Klinger et al. (US 2008/0098360 A1) is related to automatically determining relationships between software artifacts using multiple evidence sources.
Davis et al. (US 10,484,419 B1) is related to classifying software modules based on fingerprinting code fragments.
Seth et al. (US 2021/0319026 A1) is related to defining attribute feature vectors for matching data entities.
Carpenter et al. (US 6,269,153 B1) is related to automatic call routing.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC W SHEPPERD whose telephone number is (571)270-5654.  The examiner can normally be reached on Monday - Thursday, Alt. Friday, 7:30AM - 5:00PM, EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Eric W Shepperd/Primary Examiner, Art Unit 2492