English
Related papers

Related papers: The Effectiveness of Security Interventions on Git…

200 papers

Security issue reports are the primary means of informing development teams of security risks in projects, but little is known about current practices. We aim to understand the characteristics of these reports in open-source projects and…

Cryptography and Security · Computer Science 2021-12-21 Noah Bühlmann , Mohammad Ghafari

GitHub provides developers with a practical way to distribute source code and collaboratively work on common projects. To enhance account security and privacy, GitHub allows its users to manage access permissions, review audit logs, and…

Cryptography and Security · Computer Science 2024-09-11 Costanza Alfieri , Juri Di Rocco , Paola Inverardi , Phuong T. Nguyen

GitHub recommends that projects adopt a security file that outlines vulnerability reporting procedures. However, the effectiveness and operational challenges of such files are not yet fully understood. This study aims to clarify the…

Software Engineering · Computer Science 2025-10-17 Rintaro Kanaji , Brittany Reid , Yutaro Kashiwa , Raula Gaikovina Kula , Hajimu Iida

As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review…

Software Engineering · Computer Science 2025-09-18 Amena Amro , Manar H. Alalfi

The demand for quick and reliable DevOps operations pushed distributors of repository platforms to implement workflows. Workflows allow automating code management operations directly on the repository hosting the software. However, this…

Cryptography and Security · Computer Science 2022-11-11 Giacomo Benedetti , Luca Verderame , Alessio Merlo

GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository…

Software Engineering · Computer Science 2025-04-29 Anupam Sharma , Sreyashi Karmakar , Gayatri Priyadarsini Kancherla , Abhishek Bichhawat

When working with Git, a popular version-control system, email addresses are part of the metadata for each individual commit. When those commits are pushed to remote hosting services like GitHub, those email addresses become visible not…

Cryptography and Security · Computer Science 2019-08-21 David Knothe , Frederick Pietschmann

Commit signing is a principal mechanism for verifying the origin of code in software supply chains. Security frameworks treat it as a core trust signal, assuming developers sign their commits consistently with keys they control and keep…

Software Engineering · Computer Science 2026-05-01 Abubakar Sadiq Shittu , John Sadik , Farzin Gholamrezae , Scott Ruoti

In open-source projects, anyone can contribute, so it is important to have an active continuous integration and continuous delivery (CI/CD) pipeline in addition to a protocol for reporting security concerns, especially in projects that are…

Software Engineering · Computer Science 2023-10-16 Jessy Ayala , Joshua Garcia

GitHub Actions is a widely used platform to automate the build and deployment of software projects through configurable workflows. As the platform's popularity grows, it also becomes a target of choice for software supply chain attacks.…

Software Engineering · Computer Science 2026-03-18 Madjda Fares , Yogya Gamage , Benoit Baudry

[This paper has been withdrawn by the author due to updated research available on arXiv (arXiv:1811.01918)] As the modern open-source paradigm makes it easier to contribute to software projects, the number of developers involved in these…

Software Engineering · Computer Science 2020-04-14 Filipe Falcão , Caio Barbosa , Baldoino Fonseca , Alessandro Garcia , Márcio Ribeiro

GitHub is a popular data repository for code examples. It is being continuously used to train several AI-based tools to automatically generate code. However, the effectiveness of such tools in correctly demonstrating the usage of…

Cryptography and Security · Computer Science 2022-11-28 Catherine Tony , Nicolás E. Díaz Ferreyra , Riccardo Scandariato

The GitHub platform has fueled the creation of truly global software, enabling contributions from developers across various geographical regions of the world. As software becomes more entwined with global politics and social regulations, it…

Software Engineering · Computer Science 2024-04-09 Youmei Fan , Ani Hovhannisyan , Hideaki Hata , Christoph Treude , Raula Gaikovina Kula

Due to the voluntary nature of open source software, it can be hard to find a developer to work on a particular task. For example, some issue reports may be too cumbersome and unexciting for someone to volunteer to do them, yet these issue…

Software Engineering · Computer Science 2019-04-08 Jiayuan Zhou , Shaowei Wang , Cor-Paul Bezemer , Ying Zou , Ahmed E. Hassan

Marketplaces for distributing software products and services have been getting increasing popularity. GitHub, which is most known for its version control functionality through Git, launched its own marketplace in 2017. GitHub Marketplace…

Software Engineering · Computer Science 2022-08-02 Sk Golam Saroar , Waseefa Ahmed , Maleknaz Nayebi

GitHub plays a critical role in modern software supply chains, making its security an important research concern. Existing studies have primarily focused on CI/CD automation, collaboration patterns, and community management, while abuse…

Software Engineering · Computer Science 2026-04-21 Yuli Cheng , Xiaoyu Zhang , Jiongchi Yu , Shiqing Ma , Chao Shen , Yang Liu

In the world of open-source software (OSS), the number of known vulnerabilities has tremendously increased. The GitHub Advisory Database contains advisories for security risks in GitHub-hosted OSS projects. As of 09/25/2023, there are…

Cryptography and Security · Computer Science 2025-01-30 Jessy Ayala , Yu-Jye Tung , Joshua Garcia

Millions of developers share their code on open-source platforms like GitHub, which offer social coding opportunities such as distributed collaboration and popularity-based ranking. Software engineering researchers have joined in as well,…

Software Engineering · Computer Science 2024-04-08 Kamel Alrashedy , Ahmed Binjahlan

Automated tools are frequently used in social coding repositories to perform repetitive activities that are part of the distributed software development process. Recently, GitHub introduced GitHub Actions, a feature providing automated…

Software Engineering · Computer Science 2024-01-24 Timothy Kinsman , Mairieli Wessel , Marco A. Gerosa , Christoph Treude

With the urgent need to secure supply chains among Open Source libraries, attention has focused on mitigating vulnerabilities detected in these libraries. Although awareness has improved recently, most studies still report delays in the…

Software Engineering · Computer Science 2024-06-18 Ruksit Rojpaisarnkit , Hathaichanok Damrongsiri , Christoph Treude , Ali Ouni , Raula Gaikovina Kula
‹ Prev 1 2 3 10 Next ›