English
Related papers

Related papers: Unpacking Security Scanners for GitHub Actions Wor…

200 papers

The demand for quick and reliable DevOps operations pushed distributors of repository platforms to implement workflows. Workflows allow automating code management operations directly on the repository hosting the software. However, this…

Cryptography and Security · Computer Science 2022-11-11 Giacomo Benedetti , Luca Verderame , Alessio Merlo

GitHub introduced "Actions" in 2019 to increase workflow velocity and add customized automation to the repositories. Any individual can develop Actions for automating workflow on GitHub repositories and others can reuse them whenever open…

Software Engineering · Computer Science 2023-03-08 Sk Golam Saroar , Maleknaz Nayebi

Developers often struggle with maintaining GitHub Actions workflow configurations in GitHub-hosted repositories, with recent studies showing frequent execution failures. This paper empirically explores how the adoption and evolution of…

Software Engineering · Computer Science 2026-05-27 Aref Talebzadeh Bardsiri , Alexandre Decan , Tom Mens

GitHub natively supports workflow automation through GitHub Actions. Yet, workflow maintenance is often considered a burden for software developers, who frequently face difficulties in writing, testing, debugging, and maintaining workflows.…

Software Engineering · Computer Science 2026-04-13 Hassan Onsori Delicheh , Guillaume Cardoen , Alexandre Decan , Tom Mens

In open-source projects, anyone can contribute, so it is important to have an active continuous integration and continuous delivery (CI/CD) pipeline in addition to a protocol for reporting security concerns, especially in projects that are…

Software Engineering · Computer Science 2023-10-16 Jessy Ayala , Joshua Garcia

Automated tools are frequently used in social coding repositories to perform repetitive activities that are part of the distributed software development process. Recently, GitHub introduced GitHub Actions, a feature providing automated…

Software Engineering · Computer Science 2024-01-24 Timothy Kinsman , Mairieli Wessel , Marco A. Gerosa , Christoph Treude

GitHub Actions (GHA) CI workflows are critical infrastructure, but current tooling offers only syntactic or heuristic checks and does not enforce documented best practices for security, maintainability, or performance. Consequently, issues…

Software Engineering · Computer Science 2026-05-05 Edward Abrokwah , Taher A. Ghaleb

GitHub plays a critical role in modern software supply chains, making its security an important research concern. Existing studies have primarily focused on CI/CD automation, collaboration patterns, and community management, while abuse…

Software Engineering · Computer Science 2026-04-21 Yuli Cheng , Xiaoyu Zhang , Jiongchi Yu , Shiqing Ma , Chao Shen , Yang Liu

Modern software projects use automated CI/CD pipelines to streamline their development, build, and deployment processes. GitHub Actions is a popular CI/CD platform that enables project maintainers to create custom workflows -- collections…

Cryptography and Security · Computer Science 2025-12-15 Mojtaba Moazen , Amir. M Ahmadian , Musard Balliu

CI/CD practices play a significant role during collaborative software development by automating time-consuming and repetitive tasks such as testing, building, quality checking, dependency and security management. GitHub Actions, the CI/CD…

Software Engineering · Computer Science 2026-03-03 Pooya Rostami Mazrae , Alexandre Decan , Tom Mens , Mairieli Wessel

Continuous Integration and Continuous Deployment (CI/CD) have become fundamental to modern software development, with GitHub Actions (GHA) emerging as a dominant automation platform. In this study, we analyze real-world execution records of…

Software Engineering · Computer Science 2026-04-21 Ali Khatami , Carolin Brandt , Andy Zaidman

Large-scale software development has become a highly collaborative and geographically distributed endeavour, especially in open-source software development ecosystems and their associated developer communities. It has given rise to modern…

Software Engineering · Computer Science 2023-05-18 Mairieli Wessel , Tom Mens , Alexandre Decan , Pooya Rostami Mazrae

In 2017, GitHub was the first online open source platform to show security alerts to its users. It has since introduced further security interventions to help developers improve the security of their open source software. In this study, we…

Cryptography and Security · Computer Science 2023-09-27 Felix Fischer , Jonas Höbenreich , Jens Grossklags

With the increasing concern for security in the network, many approaches are laid out that try to protect the network from unauthorised access. New methods have been adopted in order to find the potential discrepancies that may damage the…

Cryptography and Security · Computer Science 2014-03-28 Sheetal Bairwa , Bhawna Mewara , Jyoti Gajrani

Web services are becoming business-critical components, often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow the detection of security vulnerabilities in web services by stressing the…

Cryptography and Security · Computer Science 2022-12-26 Osejobe Ehichoya , Chinwuba Christian Nnaemeka

Software quality is an important problem for technology companies, since it substantially impacts the efficiency, usefulness, and maintainability of the final product; hence, code review is a must-do activity for software developers. During…

Social and Information Networks · Computer Science 2022-10-11 Abduljaleel Al-Rubaye , Gita Sukthankar

Security issue reports are the primary means of informing development teams of security risks in projects, but little is known about current practices. We aim to understand the characteristics of these reports in open-source projects and…

Cryptography and Security · Computer Science 2021-12-21 Noah Bühlmann , Mohammad Ghafari

Vulnerabilities in open-source software can cause cascading effects in the modern digital ecosystem. It is especially worrying if these vulnerabilities repeat across many projects, as once the adversaries find one of them, they can scale up…

Cryptography and Security · Computer Science 2025-05-27 Jafar Akhoundali , Hamidreza Hamidi , Kristian Rietveld , Olga Gadyatskaya

GitHub Actions (GA) is an orchestration platform that streamlines the automatic execution of software engineering tasks such as building, testing, and deployment. Although GA workflows are the primary means for automation, according to our…

Software Engineering · Computer Science 2024-09-05 Pablo Valenzuela-Toledo , Alexandre Bergel , Timo Kehrer , Oscar Nierstrasz

GitHub, renowned for facilitating collaborative code version control and software production in software teams, expanded its services in 2017 by introducing GitHub Marketplace. This online platform hosts automation tools to assist…

Software Engineering · Computer Science 2024-07-09 SK Golam Saroar , Waseefa Ahmed , Elmira Onagh , Maleknaz Nayebi
‹ Prev 1 2 3 10 Next ›