Method, System, and Computer Program Product for Identifying Library Vulnerabilities

US2025086290A1 · US · A1

Patent metadata

Publication number: US-2025086290-A1
Application number: US-202418825263-A
Country: US
Kind code: A1
Filing date: Sep 5, 2024
Priority date: Sep 8, 2023
Publication date: Mar 13, 2025
Grant date: (none listed)

Abstract

Official abstract text for this publication.

Methods, systems, and computer program products may obtain a library; obtain, from at least one external data source, information associated with at least one vulnerability associated with the library; generate, based on the information associated with the at least one vulnerability associated with the library, at least one rule associated with the at least one vulnerability; train at least one machine learning model with the at least one rule associated with the at least one vulnerability; scan, based on the at least one rule associated with the at least one vulnerability, at least one application that uses the library to identify whether the at least one application includes the at least one vulnerability; and provide an indication of whether the at least one application that uses the library includes the at least one vulnerability.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: obtaining, with at least one processor, a library; obtaining, with the at least one processor, from at least one external data source, information associated with at least one vulnerability associated with the library; generating, with the at least one processor, based on the information associated with the at least one vulnerability associated with the library, at least one rule associated with the at least one vulnerability; training, with the at least one processor, at least one machine learning model, with the at least one rule associated with the at least one vulnerability; scanning, with the at least one processor, based on the at least one rule associated with the at least one vulnerability, at least one application that uses the library to identify whether the at least one application includes the at least one vulnerability; and providing, with the at least one processor, an indication of whether the at least one application that uses the library includes the at least one vulnerability.

2. The method of claim 1, wherein the information associated with the at least one vulnerability includes at least one of the following: a name or identifier associated with the library, a vulnerability type associated with the at least one vulnerability, a description associated with the at least one vulnerability, a time of discovery associated with the at least one vulnerability, a complexity level associated with the at least one vulnerability, a code pattern associated with the at least one vulnerability, or any combination thereof.

3. The method of claim 2, wherein obtaining, from the at least one external data source, the information associated with the at least one vulnerability associated with the library includes: retrieving, with an Open Worldwide Application Security Project (OWASP) dependency check tool, the information associated with the at least one vulnerability associated with the library.

4. The method of claim 2, wherein obtaining, from the at least one external data source, the information associated with the at least one vulnerability associated with the library includes: aggregating, from a plurality of websites, using a web crawler, the information associated with the at least one vulnerability associated with the library.

5. The method of claim 2, wherein obtaining, from the at least one external data source, the information associated with the at least one vulnerability associated with the library includes: decompiling the library to generate source code associated with the library; and querying, based on the source code associated with the library, the at least one external data source for one or more code patterns associated with the source code.

6. The method of claim 1, wherein scanning, based on the at least one rule associated with the at least one vulnerability, the at least one application that uses the library to identify whether the at least one application includes the at least one vulnerability includes: generating, based on the at least one rule, at least one dynamic application security testing (DAST) pattern; and scanning, using a DAST tool, the at least one application according to the at least one DAST pattern.

7. The method of claim 1, further comprising: obtaining, with the at least one processor, further information associated with the library; providing, with the at least one processor, as input to the at least one machine learning model, the further information associated with the library, and receiving, as output from the at least one machine learning model, an indication as to whether one or more rules associated with one or more vulnerabilities associated with the further information associated with the library have already been generated; and in response to the indication that the one or more rules associated with the further information associated with the library have already been generated, with the at least one processor: scan, based on the one or more rules, the at least one application that uses the library to identify whether the at least one application includes the one or more vulnerabilities; and provide a further indication of whether the at least one application that uses the library includes the one or more vulnerabilities.

8. A system, comprising: at least one processor coupled to a memory and configured to: obtain a library; obtain, from at least one external data source, information associated with at least one vulnerability associated with the library; generate, based on the information associated with the at least one vulnerability associated with the library, at least one rule associated with the at least one vulnerability; train at least one machine learning model with the at least one rule associated with the at least one vulnerability; scan, based on the at least one rule associated with the at least one vulnerability, at least one application that uses the library to identify whether the at least one application includes the at least one vulnerability; and provide an indication of whether the at least one application that uses the library includes the at least one vulnerability.

9. The system of claim 8, wherein the information associated with the at least one vulnerability includes at least one of the following: a name or identifier associated with the library, a vulnerability type associated with the at least one vulnerability, a description associated with the at least one vulnerability, a time of discovery associated with the at least one vulnerability, a complexity level associated with the at least one vulnerability, a code pattern associated with the at least one vulnerability, or any combination thereof.

10. The system of claim 9, wherein the at least one processor is configured to obtain, from the at least one external data source, the information associated with the at least one vulnerability associated with the library by: retrieving, with an Open Worldwide Application Security Project (OWASP) dependency check tool, the information associated with the at least one vulnerability associated with the library.

11. The system of claim 9, wherein the at least one processor is configured to obtain, from the at least one external data source, the information associated with the at least one vulnerability associated with the library by: aggregating, from a plurality of websites, using a web crawler, the information associated with the at least one vulnerability associated with the library.

12. The system of claim 9, wherein the at least one processor is configured to obtain, from the at least one external data source, the information associated with the at least one vulnerability associated with the library by: decompiling the library to generate source code associated with the library; and querying, based on the source code associated with the library, the at least one external data source for one or more code patterns associated with the source code.

13. The system of claim 8, wherein the at least one processor is configured to scan, based on the at least one rule associated with the at least one vulnerability, the at least one application that uses the library to identify whether the at least one application includes the at least one vulnerability by: generating, based on the at least one rule, at least one dynamic application security testing (DAST) pattern; and scanning, using a DAST tool, the at least one application according to the at least one DAST pattern.

14. The system of claim 8, wherein the at least one processor is fur
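The pipeline claimed in claims 1 through 7, worked through as an added illustration that is not the patent's or the assignee's own implementation: vulnerability records carrying the claim 2 fields are turned into scan rules, a rule registry answers the claim 7 question of whether rules for a library already exist (a plain dictionary standing in for the trained model, which is an assumption of this example), and an application's dependency pins and source files are scanned to produce the indication. The vulnerability feed, library name "fastparse", the `affected_below` field and the application files are all constructed sample data.

```python
"""Added illustration of claims 1-7: obtain vulnerability info, generate rules,
reuse rules already generated, scan an application, report an indication.
All data below is constructed; the 'trained model' of claims 1 and 7 is
stood in for by an in-memory rule registry (assumption, not the patent's method)."""

# Constructed vulnerability feed keyed by library, with the claim 2 fields.
# 'affected_below' is added here: versions strictly below it are affected.
VULN_FEED = {
    "fastparse": [{"library": "fastparse", "vuln_type": "deserialization",
                   "description": "untrusted input reaches the object loader",
                   "discovered": "2023-06-01", "complexity": "low",
                   "code_pattern": "Parser.load_untrusted(",
                   "affected_below": (1, 3, 0)}],
}

def fetch_info(library):
    """Claim 1: obtain vulnerability information from an external data source."""
    return VULN_FEED.get(library, [])

def generate_rule(info):
    """Claim 1: derive one scan rule from one vulnerability record."""
    return {"rule_id": f"{info['library']}/{info['vuln_type']}/{info['discovered']}",
            "library": info["library"], "affected_below": info["affected_below"],
            "code_pattern": info["code_pattern"]}

def parse_version(v):
    """Numeric tuple compare so '1.10.0' sorts after '1.9.0'."""
    return tuple(int(p) for p in v.split("."))

def scan_application(deps, sources, rules):
    """Claim 1: a rule fires when the app pins an affected version of the library
    AND its source contains the rule's code pattern (the version alone is not
    enough here). deps: {lib: version}; sources: {file: text}."""
    findings = []
    for r in rules:
        ver = deps.get(r["library"])
        if ver is None or parse_version(ver) >= r["affected_below"]:
            continue
        hits = [f for f, text in sources.items() if r["code_pattern"] in text]
        if hits:
            findings.append((r["rule_id"], ver, hits))
    return findings

def assess(library, registry, deps, sources):
    """Claim 7: reuse rules already generated for this library, otherwise
    generate them first; then return the claim 1 indication."""
    if library not in registry:  # stand-in for the model's 'already generated?' answer
        registry[library] = [generate_rule(i) for i in fetch_info(library)]
    findings = scan_application(deps, sources, registry[library])
    return {"library": library, "vulnerable": bool(findings), "findings": findings}

# Constructed application: dependency pins plus two source files.
APP_DEPS = {"fastparse": "1.2.0", "requests": "2.31.0"}
APP_SOURCES = {"ingest.py": "data = Parser.load_untrusted(request.body)\n",
               "util.py": "def helper(): return 1\n"}
```

Requiring the code pattern as well as an affected version keeps the indication closer to "this application includes the vulnerability" than a bare version match would, which is the distinction the claims draw between library vulnerability data and an application-level finding.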

Assignees

Visa Int Service Ass (as listed in the FAQ on this page)

Inventors

Classifications

Primary CPC classification: G06F21/577

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2025086290A1 cover?
Methods, systems, and computer program products may obtain a library; obtain, from at least one external data source, information associated with at least one vulnerability associated with the library; generate, based on the information associated with the at least one vulnerability associated with the library, at least one rule associated with the at least one vulnerability; train at least one…
Who is the assignee on this patent?
Visa Int Service Ass
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 13, 2025 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).