vuduclyunitn / software_supply_chain_papers
This repository contains a list of papers about software supply chain
☆25Updated 5 months ago
Related projects ⓘ
Alternatives and complementary repositories for software_supply_chain_papers
- A reimplementation of LastPyMile: A Python-based library to Identify the differences between build artifacts of PyPI packages and the res…☆15Updated 2 years ago
- A C/C++ dependency scanner☆37Updated 11 months ago
- ☆50Updated 10 months ago
- ☆23Updated last year
- ISSTA'23 - Third-party Library Dependency for Large-scale SCA in the C/C++ Ecosystem: How Far Are We?☆27Updated last year
- Home page of project "KB"☆113Updated 3 weeks ago
- Public version of CNEPS☆17Updated 9 months ago
- MoreFixes: A Large-Scale Dataset of CVE Fix Commits Mined through Enhanced Repository Discovery☆15Updated last week
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages☆122Updated 2 years ago
- ☆50Updated 3 years ago
- VFCFinder: Searching for the Missing Vulnerability Fixing Commits☆21Updated 11 months ago
- The public dataset in the paper "PatchDB: A Large-Scale Security Patch Dataset". This paper appears in the 51st Annual IEEE/IFIP Interna…☆37Updated last year
- ☆33Updated 2 years ago
- ☆28Updated last month
- Artifact accompanying our ICSE '22 paper "Practical Automated Detection of Malicious npm Packages"☆39Updated 2 years ago
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆71Updated 3 weeks ago
- holding data and processing code for the paper 'A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lesso…☆20Updated 4 years ago
- A fork of Bandit tool with patterns to identifying malicious python code.☆22Updated 2 years ago
- VUDDY: A Scalable and Accurate Vulnerable Code Clone Detector (S&P'17)☆51Updated 5 months ago
- HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property Graphs☆40Updated 2 years ago
- A deep learning model for localizing bugs in C/C++ source code (USENIX'23)☆137Updated last year
- Python library for CPGQL server☆22Updated 5 months ago
- the datasets and source code of the paper 《LibAM: An Area Matching Framework for Detecting Third-party Libraries in Binaries》☆23Updated 6 months ago
- B2SFinder is a binary-to-source matching tool for OSS reuse detection on COTS software. This project contains the core code of B2SFinder …☆54Updated 5 years ago
- Datasets of the paper: Detecting "0-Day" Vulnerability: An Empirical Study of Secret Security Patch in OSS☆18Updated 5 years ago
- Research artifact for Oakland (S&P) 2022, "BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning"☆32Updated last month
- ☆88Updated 3 weeks ago
- A vulnerability patch gathering tool☆40Updated 5 years ago
- ReDeBug Source Code.☆24Updated 11 months ago
- This repository is to support contributions for tools and new data entries for the D2A dataset hosted in DAX☆64Updated 2 years ago