English
Related papers

Related papers: How Compliant Are GitHub Actions Workflows? A Chec…

200 papers

GitHub workflows or GitHub CI is a popular continuous integration platform that enables developers to automate various software engineering tasks by specifying them as workflows, i.e., YAML files with a list of jobs. However, engineering…

Software Engineering · Computer Science 2024-03-20 Xinyu Zhang , Siddharth Muralee , Sourag Cherupattamoolayil , Aravind Machiry

GitHub Actions (GA) has become the de facto tool that developers use to automate software workflows, seamlessly building, testing, and deploying code. Yet when GA fails, it disrupts development, causing delays and driving up costs.…

Software Engineering · Computer Science 2025-01-29 Pablo Valenzuela-Toledo , Chuyue Wu , Sandro Hernandez , Alexander Boll , Roman Machacek , Sebastiano Panichella , Timo Kehrer

Continuous Integration and Continuous Deployment (CI/CD) have become fundamental to modern software development, with GitHub Actions (GHA) emerging as a dominant automation platform. In this study, we analyze real-world execution records of…

Software Engineering · Computer Science 2026-04-21 Ali Khatami , Carolin Brandt , Andy Zaidman

Continuous Integration (CI) has evolved from a tooling strategy to a fundamental mindset in modern CI engineering. It enables teams to develop, test, and deliver software rapidly and collaboratively. Among CI services, GitHub Actions (GHA)…

Software Engineering · Computer Science 2025-07-25 Edward Abrokwah , Taher A. Ghaleb

Continuous Integration (CI) services, such as GitHub Actions, require developers to write YAML-based configurations, which can be tedious and error-prone. Despite the increasing use of Large Language Models (LLMs) to automate software…

Software Engineering · Computer Science 2025-07-24 Taher A. Ghaleb , Dulina Rathnayake

The demand for quick and reliable DevOps operations pushed distributors of repository platforms to implement workflows. Workflows allow automating code management operations directly on the repository hosting the software. However, this…

Cryptography and Security · Computer Science 2022-11-11 Giacomo Benedetti , Luca Verderame , Alessio Merlo

Developers often struggle with maintaining GitHub Actions workflow configurations in GitHub-hosted repositories, with recent studies showing frequent execution failures. This paper empirically explores how the adoption and evolution of…

Software Engineering · Computer Science 2026-05-27 Aref Talebzadeh Bardsiri , Alexandre Decan , Tom Mens

CI/CD practices play a significant role during collaborative software development by automating time-consuming and repetitive tasks such as testing, building, quality checking, dependency and security management. GitHub Actions, the CI/CD…

Software Engineering · Computer Science 2026-03-03 Pooya Rostami Mazrae , Alexandre Decan , Tom Mens , Mairieli Wessel

The auditing of financial documents, historically a labor-intensive process, stands on the precipice of transformation. AI-driven solutions have made inroads into streamlining this process by recommending pertinent text passages from…

GitHub Continuous Integration (CI) workflows increasingly integrate Large Language Models (LLMs) to automate review, triage, content generation, and repository maintenance. This creates a new attack surface: externally controllable workflow…

Cryptography and Security · Computer Science 2026-05-08 Bonan Ruan , Yeqi Fu , Chuqi Zhang , Jiahao Liu , Jun Zeng , Zhenkai Liang

GitHub Actions (GA) is an orchestration platform that streamlines the automatic execution of software engineering tasks such as building, testing, and deployment. Although GA workflows are the primary means for automation, according to our…

Software Engineering · Computer Science 2024-09-05 Pablo Valenzuela-Toledo , Alexandre Bergel , Timo Kehrer , Oscar Nierstrasz

Large Language Models (LLMs) are increasingly deployed to resolve real-world GitHub issues. However, despite their potential, the specific failure modes of these models in complex repair tasks remain poorly understood. To characterize how…

Software Engineering · Computer Science 2026-05-13 Yanjie Jiang , Yian Huang , Guancheng Wang , Junjie Chen , Hui Liu , Lionel Briand

GitHub Actions is a widely used platform to automate the build and deployment of software projects through configurable workflows. As the platform's popularity grows, it also becomes a target of choice for software supply chain attacks.…

Software Engineering · Computer Science 2026-03-18 Madjda Fares , Yogya Gamage , Benoit Baudry

In open-source projects, anyone can contribute, so it is important to have an active continuous integration and continuous delivery (CI/CD) pipeline in addition to a protocol for reporting security concerns, especially in projects that are…

Software Engineering · Computer Science 2023-10-16 Jessy Ayala , Joshua Garcia

Significant focus has been placed on integrating large language models (LLMs) with various tools in developing general-purpose agents. This poses a challenge to LLMs' tool-use capabilities. However, there are evident gaps between existing…

Computation and Language · Computer Science 2024-11-25 Jize Wang , Zerun Ma , Yining Li , Songyang Zhang , Cailian Chen , Kai Chen , Xinyi Le

While automated vulnerability detection techniques have made promising progress in detecting security vulnerabilities, their scalability and applicability remain challenging. The remarkable performance of Large Language Models (LLMs), such…

Cryptography and Security · Computer Science 2024-10-24 Avishree Khare , Saikat Dutta , Ziyang Li , Alaia Solko-Breslin , Rajeev Alur , Mayur Naik

Beyond scratch coding, exploiting large-scale code repositories (e.g., GitHub) for practical tasks is vital in real-world software development, yet current benchmarks rarely evaluate code agents in such authentic, workflow-driven scenarios.…

With the advancement of Large Language Models (LLMs), their application in Software Quality Assurance (SQA) has increased. However, the current focus of these applications is predominantly on ChatGPT. There remains a gap in understanding…

Software Engineering · Computer Science 2024-09-04 Ratnadira Widyasari , David Lo , Lizi Liao

In the digital era, accidental exposure of sensitive information such as API keys, tokens, and credentials is a growing security threat. While most prior work focuses on detecting secrets in source code, leakage in software issue reports…

Software Engineering · Computer Science 2026-04-17 Sadif Ahmed , Md Nafiu Rahman , Zahin Wahab , Gias Uddin , Rifat Shahriyar

Large Language Models (LLMs) have been suggested for use in automated vulnerability repair, but benchmarks showing they can consistently identify security-related bugs are lacking. We thus develop SecLLMHolmes, a fully automated evaluation…

Cryptography and Security · Computer Science 2024-07-25 Saad Ullah , Mingji Han , Saurabh Pujar , Hammond Pearce , Ayse Coskun , Gianluca Stringhini
‹ Prev 1 2 3 10 Next ›