Resources


- This page collects links to articles and external resources addressing FASTEN's main topic, software dependencies, or other key points of the project (e.g. call graphs). Please contact us if you have ideas for resources to add to this list.

Articles and blog posts

- Establishing a software bill of materials (SBOM), IT Business Edge, September 2021

- How GitLab Package Hunter prevents supply chain attacks, Makeuseof, September 2021

- A production-readiness checklist for software development, TechTarget, April 2021
</grreplace>
<gr_replace lines="14" cat="clarify" orig="- Big Code">
- Big Code has a direct impact on business outcomes, ZDNet, October 2020

- Big Code has a direct impact on the business outcomes, ZDnet, October 2020

- How to start with DevSecOps, Security Boulevard, September 2020

- The risks associated with OSS and how to mitigate them, Security Boulevard, August 2020

- Security at every Step: A guide to DevSecOps shifting left and GitOps (by GitHub), GitHub Blog, August 2020

- How to pivot from DevOps to DevSecOps, TechTarget, August 2020

- Vulnerabilities declining in open source but slow patching, Dark Reading, June 2020

- State of software security: open source edition - key takeaways for developers, Security Boulevard, June 2020

- Exploring the relationship between npm JavaScript packages: an evolution, Science Times, June 2020

- Open source security report finds library-induced flaws in 70% of applications, TechRepublic, May 2020

- Out-of-date, insecure open-source software is everywhere, ZDNet.fr, May 2020

- Call graph example from Sourcetrail. See the video presentation, March 2019.

- Catching Vulnerabilities Instantly in Your IntelliJ IDEA Environment, Blog post from Brian Vermeer, Developer Advocate at Snyk, March 2019.

- Our Software Dependency Problem, by Russ Cox, research!rsc blog article, January 2019.

- Promising new metrics to track maintainability, JAXenter, January 2019.

- Evolution of Species and Software: What Is a Dependency Graph?, Evolution News, August 2018.

- How to check package dependencies with the apt-rdepends tool, TechRepublic, April 2018.

- Introducing the FASTEN project, Georgios Gousios' blog, October 2018.

Academic Papers related to Package Management

- Back to the Past: Analysing Backporting Practices in Package Dependency Networks, IEEE Transactions on Software Engineering, September 2021

- Systematic Comparison of Six Open-Source Java Call Graph Construction Tools, 14th International Conference on Software and Data Technologies (ICSOFT), Prague, Czech Republic, July 2019

- Analyzing 2.3 Million Maven Dependencies to Reveal an Essential Core in APIs, scientific paper submitted on August 29, 2019.

- Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs, scientific paper published at ISSTA 2019, Beijing, China, July 15-19, 2019.

- A method to generate traverse paths for eliciting missing requirements - 2019

- Automatic Software Dependency Management using Blockchain - July 2018

- On the use of package managers by the C++ open-source community - April 2018

- SPAM: a Secure Package Manager - April 2017

- A look at the dynamics of the JavaScript package ecosystem - May 2016

- On the topology of package dependency networks: a comparison of three programming language ecosystems - November 2016

- When It Breaks, It Breaks: How Ecosystem Developers Reason about the Stability of Dependencies - November 2015

- A historical analysis of Debian package incompatibilities - May 2015

- Mining component repositories for installability issues - May 2015

- How the Apache community upgrades dependencies: an evolutionary study - October 2015