Use of GNN to automate SSDLC Alert Dismissal Review Process
English | May 19, 2026 | ISBN-10: 3658514957 | 142 pages | Epub PDF (True) | 22 MB
The work grew out of a very practical problem: the AppSec team was drowning in security scanning alerts but still occasionally missed real issues that had been dismissed as false positives. The aim was to present a way not just to tune individual tools, but to look across CodeQL, OWASP ZAP, GHAS secret scanning, and other scanners and understand where the triage process itself was failing. That led to the idea of treating the entire alert history as a graph, where alerts, code files, services, dependencies, users, and incidents are all connected nodes linked by data flows, temporal relationships, and shared context. From there, the team designed a JSON schema to normalize alerts from different tools, built a heterogeneous graph on top of that data, and implemented a graph neural network to learn patterns that distinguish correctly closed alerts from those that later turned out to be genuine issues.
