Software is continually increasing in size and complexity, and therefore, vulnerability discovery would benefit from techniques that identify potentially vulnerable regions within large code bases, as this allows for easing vulnerability detection tools by reducing their search space. Previous work has explored the use of conventional code-quality and complexity metrics in highlighting suspicious sections of (source) code. Recently, researchers also proposed to reduce the vulnerability search space by studying code property with neural networks. However, previous work generally failed in leveraging the rich metadata available for long-running, large code repositories. In this paper, we present an approach (Bran) to reduce the vulnerability ...