English
Related papers

Related papers: Unlocking Reproducibility: Automating re-Build Pro…

200 papers

Rebuilding packages from open source is a common practice to improve the security of software supply chains, and is now done at an industrial scale. The basic principle is to acquire the source code used to build a package published in a…

Software Engineering · Computer Science 2026-02-24 Jens Dietrich , Behnaz Hassanshahi

Modern software projects depend on many third-party libraries, complicating reproducible and secure builds. Several package managers address this with the generation of a lockfile that freezes dependency versions and can be used to verify…

Software Engineering · Computer Science 2025-10-07 Larissa Schmid , Elias Lundell , Yogya Gamage , Benoit Baudry , Martin Monperrus

The increasing complexity of software supply chains and the rise of supply chain attacks have elevated concerns around software integrity. Users and stakeholders face significant challenges in validating that a given software artifact…

Software Engineering · Computer Science 2025-11-12 Aman Sharma , Benoit Baudry , Martin Monperrus

The Maven Central ecosystem forms the backbone of Java dependency management, hosting artifacts that vary significantly in their adoption, security, and ecosystem roles. Artifact reuse is fundamental in software development, with ecosystems…

Software Engineering · Computer Science 2025-04-17 Mehedi Hasan Shanto , Muhammad Asaduzzaman , Manishankar Mondal , Shaiful Chowdhury

Although it is possible to increase confidence in Free and Open Source Software (FOSS) by reviewing its source code, trusting code is not the same as trusting its executable counterparts. These are typically built and distributed by…

Software Engineering · Computer Science 2021-04-14 Chris Lamb , Stefano Zacchiroli

Build automation tools and package managers have a profound influence on software development. They facilitate the reuse of third-party libraries, support a clear separation between the application's code and its external dependencies, and…

Software Engineering · Computer Science 2023-05-08 César Soto-Valero , Nicolas Harrand , Martin Monperrus , Benoit Baudry

Build verifiability refers to the property that the build of a software system can be verified by independent third parties and it is crucial for the trustworthiness of a software system. Various efforts towards build verifiability have…

Software Engineering · Computer Science 2022-02-15 Jiawen Xiong , Yong Shi , Boyuan Chen , Filipe R. Cogo , Zhen Ming , Jiang

Understanding the structural characteristics and connectivity patterns of large-scale software ecosystems is critical for enhancing software reuse, improving ecosystem resilience, and mitigating security risks. In this paper, we investigate…

Software Engineering · Computer Science 2025-08-20 Daniel Ogenrwot , John Businge , Shaikh Arifuzzaman

The Maven Central Repository provides an extraordinary source of data to understand complex architecture and evolution phenomena among Java applications. As of September 6, 2018, this repository includes 2.8M artifacts (compiled piece of…

Software Engineering · Computer Science 2019-01-17 Amine Benelallam , Nicolas Harrand , César Soto Valero , Benoit Baudry , Olivier Barais

In modern software ecosystems, dependency management plays a critical role in ensuring secure and maintainable applications. However, understanding the relationship between release practices and their impact on vulnerabilities and update…

Software Engineering · Computer Science 2025-04-01 Md Shafiullah Shafin , Md Fazle Rabbi , S. M. Mahedy Hasan , Minhaz F. Zibran

The widespread use of package managers like Maven has accelerated software development but has also introduced significant security risks due to vulnerabilities in dependencies. In this study, we analyze the prevalence and impact of…

Software Engineering · Computer Science 2025-04-08 Ehtisham Ul Haq , Song Wang , Robert S. Allison

In this paper we present attestable builds, a new paradigm to provide strong source-to-binary correspondence in software artifacts. We tackle the challenge of opaque build pipelines that disconnect the trust between source code, which can…

Cryptography and Security · Computer Science 2025-10-27 Daniel Hugenroth , Mario Lins , René Mayrhofer , Alastair Beresford

Modern software heavily relies on the use of components. Those components are usually published in central repositories, and managed by build systems via dependencies. Due to issues around vulnerabilities, licenses and the propagation of…

Software Engineering · Computer Science 2023-10-11 Jens Dietrich , Shawn Rasheed , Alexander Jordan , Tim White

Reproducible Builds (R-B) guarantee that rebuilding a software package from source leads to bitwise identical artifacts. R-B is a promising approach to increase the integrity of the software supply chain, when installing open source…

Software Engineering · Computer Science 2026-01-30 Julien Malka , Stefano Zacchiroli , Théo Zimmermann

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the…

Software Engineering · Computer Science 2022-05-18 Ayano Ikegami , Raula Gaikovina Kula , Bodin Chinthanet , Vittunyuta Maeprasart , Ali Ouni , Takashi Ishio , Kenichi Matsumoto

Software Bills of Materials (SBOMs) are essential to ensure the transparency and integrity of the software supply chain. There is a growing body of work that investigates the accuracy of SBOM generation tools and the challenges for…

Software Engineering · Computer Science 2025-11-18 Yogya Gamage , Nadia Gonzalez Fernandez , Martin Monperrus , Benoit Baudry

Maven artifacts are immutable: an artifact that is uploaded on Maven Central cannot be removed nor modified. The only way for developers to upgrade their library is to release a new version. Consequently, Maven Central accumulates all the…

Software Engineering · Computer Science 2019-08-28 César Soto-Valero , Amine Benelallam , Nicolas Harrand , Olivier Barais , Benoit Baudry

In response to challenges in software supply chain security, several organisations have created infrastructures to independently build commodity open source projects and release the resulting binaries. Build platform variability can…

Cryptography and Security · Computer Science 2025-04-10 Jens Dietrich , Tim White , Behnaz Hassanshahi , Paddy Krishnan

Reproducible builds are a set of software development practices that establish an independently verifiable path from source code to binary artifacts, helping to detect and mitigate certain classes of supply chain attacks. Although quantum…

Quantum Physics · Physics 2025-10-03 Iyán Méndez Veiga , Esther Hänggi

Reproducibility is the ability of recreating identical binaries under pre-defined build environments. Due to the need of quality assurance and the benefit of better detecting attacks against build environments, the practice of reproducible…

Software Engineering · Computer Science 2018-03-20 Zhilei Ren , He Jiang , Jifeng Xuan , Zijiang Yang
‹ Prev 1 2 3 10 Next ›