US2016110549A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016110549-A1 |
| Application number | US-201314787863-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 12, 2013 |
| Priority date | Jul 12, 2013 |
| Publication date | Apr 21, 2016 |
| Grant date | — |
Official abstract text for this publication.
A method of analyzing target software for security vulnerabilities comprises, with a processor, scanning a codebase of a target software using a static analysis scan to identify a number of security flaws, and calculating a number of code metrics of the codebase of the target software for a number of iterations over a period of time to obtain a number of historical scans.
Opening claim text (preview).
What is claimed is:

1. A method of analyzing target software for security vulnerabilities comprising, with a processor: scanning a codebase of a target software using a static analysis scan to identify a number of security flaws, and calculating a number of code metrics of the codebase of the target software for a number of iterations over a period of time to obtain a number of historical scans; and analyzing a number of correlations between security flaw evolution and a number of the code metrics.
2. The method of claim 1, in which scanning the codebase of the target software further comprises obtaining runtime security information from the runtime environment of a version of the target software for a number of iterations over a period of time to obtain a number of additional historical scans.
3. The method of claim 1, further comprising prioritizing a number of security flaws based on the correlations between the security flaw evolution and the code metrics.
4. The method of claim 1, further comprising predicting risks associated with the codebase based on the correlations between the security flaw evolution and the code metrics.
5. The method of claim 1, further comprising storing the historical scans in a historical scan database.
6. The method of claim 1, in which the number of iterations is a plurality of iterations.
7. A system for analyzing target software for security vulnerabilities comprising: a processor; a data storage device coupled to the processor, the data storage device comprising: a static analysis module to scan a codebase of a target software to identify a number of security flaws; a runtime security module to obtain runtime security information from the runtime environment of a version of the target software; and a code metrics module to calculate a number of code metrics of the codebase of the target software; and a historical scan database for storing a number of historical scans over a number of iterations over a period of time, the historical scans comprising results of at least one of the static analysis module, runtime security module, and code metrics module.
8. The system of claim 7, further comprising a security correlation module to analyze a number of correlations between security flaw evolution and a number of the code metrics stored within the historical scan database.
9. The system of claim 7, further comprising a security flaw prioritization module to prioritize a number of security flaws based on a number of correlations between the security flaw evolution and the code metrics.
10. The system of claim 7, further comprising a security flaw prediction module to predict risks associated with the codebase based on the correlations between the security flaw evolution and the code metrics.
11. The system of claim 7, further comprising a server, in which the functionality of the system is provided as a Software as a Service (SaaS), a Platform as a Service (PaaS), an Infrastructure as a Service (IaaS), an application program interface (API) as a service (APIaaS) or combinations thereof via the server.
12. A computer program product for analyzing target software for security vulnerabilities, the computer program product comprising: a non-transitory computer readable storage medium comprising computer usable program code embodied therewith, the computer usable program code comprising: computer usable program code to, when executed by at least one processor, analyze a number of correlations between a number of static analysis scans, a number of code metrics, and a number of runtime security scans determined from target software; and computer usable program code to, when executed by the at least one processor, prioritize a number of security flaws based on the correlations.
13. The computer program product of claim 11, further comprising computer usable program code to, when executed by the at least one processor, predict security flaws associated with the target software based on the correlations.
14. The computer program product of claim 11, further comprising: computer usable program code to, when executed by the at least one processor, scan a codebase of the target software using static analysis to identify a number of security flaws in the static analysis scans; and computer usable program code to, when executed by the at least one processor, calculate a number of code metrics of a codebase of the target software.
15. The computer program product of claim 11, further comprising computer usable program code to, when executed by the at least one processor, obtain runtime security information from a runtime environment of the target software.
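The claims describe three steps that are easy to lose in the legal phrasing: keep a history of scans (static-analysis flaw counts plus code metrics per iteration), correlate how each flaw category evolves with how each metric evolves, and use those correlations to prioritize flaws and project risk. The following is an added worked example, written for this page and not the patent's or any assignee's code. The five `HistoricalScan` records are constructed data, the `pearson` correlation is the analysis step of claim 1, and the scoring rule in `prioritize_flaws` (latest count weighted by the strongest positive metric correlation) and the least-squares projection in `predict_flaw_count` are assumptions standing in for the prioritization and prediction modules of claims 3 and 4; the runtime security information of claim 2 would enter as additional series in the same structure and is omitted here.

```python
"""Correlating code-metric history with security-flaw evolution.

Added worked example, not the patent's own code. Each HistoricalScan stands for
one static-analysis pass plus the code metrics computed at that iteration; the
correlations between metric and flaw-count series then drive prioritization and
a simple projection. All scan data is constructed and the scoring rule is an
assumption, not something the claims specify.
"""
from dataclasses import dataclass
from math import sqrt
from typing import Dict, Iterable, List, Sequence, Tuple


@dataclass(frozen=True)
class HistoricalScan:
    iteration: int
    metrics: Dict[str, float]  # code metrics at this iteration
    flaws: Dict[str, int]      # static-analysis findings per flaw category


# Constructed history: five scans of the same codebase over time.
HISTORICAL_SCANS: List[HistoricalScan] = [
    HistoricalScan(1, {"loc": 12000, "cyclomatic": 310, "churn": 40},
                   {"sqli": 2, "xss": 5, "path_traversal": 1}),
    HistoricalScan(2, {"loc": 13500, "cyclomatic": 360, "churn": 90},
                   {"sqli": 3, "xss": 6, "path_traversal": 1}),
    HistoricalScan(3, {"loc": 14000, "cyclomatic": 420, "churn": 150},
                   {"sqli": 5, "xss": 6, "path_traversal": 2}),
    HistoricalScan(4, {"loc": 14200, "cyclomatic": 500, "churn": 210},
                   {"sqli": 7, "xss": 7, "path_traversal": 2}),
    HistoricalScan(5, {"loc": 16000, "cyclomatic": 520, "churn": 60},
                   {"sqli": 7, "xss": 9, "path_traversal": 4}),
]


def pearson(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(xs)
    if n < 2 or len(ys) != n:
        raise ValueError("need two series of equal length >= 2")
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sqrt(sum((x - mx) ** 2 for x in xs))
    sy = sqrt(sum((y - my) ** 2 for y in ys))
    if sx == 0.0 or sy == 0.0:
        return 0.0
    return cov / (sx * sy)


def _ordered(scans: Iterable[HistoricalScan]) -> List[HistoricalScan]:
    return sorted(scans, key=lambda s: s.iteration)


def correlate_flaw_evolution(scans: Iterable[HistoricalScan]) -> Dict[Tuple[str, str], float]:
    """r for every (metric, flaw category) pair across the scan history."""
    ordered = _ordered(scans)
    metrics = sorted({m for s in ordered for m in s.metrics})
    categories = sorted({c for s in ordered for c in s.flaws})
    out: Dict[Tuple[str, str], float] = {}
    for m in metrics:
        xs = [s.metrics.get(m, 0.0) for s in ordered]
        for c in categories:
            ys = [s.flaws.get(c, 0) for s in ordered]
            out[(m, c)] = pearson(xs, ys)
    return out


def prioritize_flaws(scans: Iterable[HistoricalScan]) -> List[Tuple[str, float]]:
    """Rank flaw categories: latest count weighted by how strongly that
    category's growth tracks any code metric (assumed heuristic)."""
    ordered = _ordered(scans)
    corr = correlate_flaw_evolution(ordered)
    ranked = []
    for category, count in ordered[-1].flaws.items():
        strongest = max((r for (_, c), r in corr.items() if c == category), default=0.0)
        ranked.append((category, count * (1.0 + max(0.0, strongest))))
    return sorted(ranked, key=lambda t: t[1], reverse=True)


def predict_flaw_count(scans: Iterable[HistoricalScan], category: str,
                       metric: str, projected_metric: float) -> float:
    """Least-squares projection of a flaw count from the metric value the next
    iteration is expected to reach (an assumed form of claim 4's risk prediction)."""
    ordered = _ordered(scans)
    xs = [s.metrics.get(metric, 0.0) for s in ordered]
    ys = [s.flaws.get(category, 0) for s in ordered]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    var = sum((x - mx) ** 2 for x in xs)
    if var == 0.0:
        return my
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / var
    return my + slope * (projected_metric - mx)


if __name__ == "__main__":
    for (m, c), r in sorted(correlate_flaw_evolution(HISTORICAL_SCANS).items()):
        print(f"{m:>10} vs {c:<15} r={r:+.2f}")
    print("priority:", [(c, round(s, 1)) for c, s in prioritize_flaws(HISTORICAL_SCANS)])
    print("projected sqli findings at cyclomatic=600:",
          round(predict_flaw_count(HISTORICAL_SCANS, "sqli", "cyclomatic", 600), 1))
```

With the constructed history, SQL injection findings track cyclomatic complexity almost perfectly while churn correlates weakly, so a reviewer would look at complexity growth rather than raw churn when deciding where injection flaws are likely to keep appearing. Five data points make any correlation fragile; in practice the historical scan database of claim 5 needs many more iterations before the coefficients mean much, and a constant series (a metric that never changes) is returned as zero correlation rather than dividing by zero.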
Checking; Contextual analysis · CPC title
Software metrics · CPC title
Test or assess software · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title