Deep learning (DL)–based software vulnerability detection faces critical challenges including poor generalizability, limited interpretability, and inconsistent evaluation protocols. Method: We systematically review 34 representative studies published between 2017 and 2024, proposing the first conceptual “Vulnerability Detection Lifecycle” framework comprising six stages—data construction, vulnerability granularity definition, code representation, model design, evaluation, and deployment—to enable systematic modeling and cross-study comparability. Our analysis integrates static/dynamic analysis, word embeddings, graph neural networks (GNNs), LSTMs/Transformers, and multimodal representations. Contribution/Results: We empirically identify persistent bottlenecks—including label noise and insufficient cross-project generalization—and establish a unified theoretical framework, methodological guidelines, and an engineering roadmap for DL-driven vulnerability detection, thereby advancing both research rigor and practical deployment.

The pervasive nature of software vulnerabilities has emerged as a primary factor for the surge in cyberattacks. Traditional vulnerability detection methods, including rule-based, signature-based, manual review, static, and dynamic analysis, often exhibit limitations when encountering increasingly complex systems and a fast-evolving attack landscape. Deep learning (DL) methods excel at automatically learning and identifying complex patterns in code, enabling more effective detection of emerging vulnerabilities. This survey analyzes 34 relevant studies from high-impact journals and conferences between 2017 and 2024. This survey introduces the conceptual framework Vulnerability Detection Lifecycle for the first time to systematically analyze and compare various DL-based vulnerability detection methods and unify them into the same analysis perspective. The framework includes six phases: (1) Dataset Construction, (2) Vulnerability Granularity Definition, (3) Code Representation, (4) Model Design, (5) Model Performance Evaluation, and (6) Real-world Project Implementation. For each phase of the framework, we identify and explore key issues through in-depth analysis of existing research while also highlighting challenges that remain inadequately addressed. This survey provides guidelines for future software vulnerability detection, facilitating further implementation of deep learning techniques applications in this field.