Deep Neural Networks (DNNs) are being adopted as components in software systems.
Creating and specializing DNNs from scratch has grown increasingly difficult as state-of-the …

Third-party libraries with rich functionalities facilitate the fast development of JavaScript
software, leading to the explosive growth of the NPM ecosystem. However, it also brings …

Software ecosystems play an important role in modern software development, providing an
open platform of reusable packages that speed up and facilitate development tasks …

Reusable software libraries, frameworks, and components, such as those provided by open-
source ecosystems and third-party suppliers, accelerate digital innovation. However, recent …

The npm registry is one of the pillars of the JavaScript and Type-Script ecosystems, hosting
over 1.7 million packages ranging from simple utility libraries to complex frameworks and …

This paper systematizes knowledge about secure software supply chain patterns. It identifies
four stages of a software supply chain attack and proposes three security properties crucial …

Third-party libraries (TPLs) are frequently reused in software to reduce development cost
and the time to market. However, external library dependencies may introduce …

The software product is a source of cyber-attacks that target organizations by using their
software supply chain as a distribution vector. As the reliance of software projects on open …

As the largest package registry, Node Package Manager (NPM) has become the prime
target for various supply chain attacks recently and has been flooded with numerous …

GitHub Actions was introduced as a way to automate CI/CD workflows in GitHub, the largest
social coding platform. Thanks to its deep integration into GitHub, GitHub Actions can be …