Search Results

  • Item
    Recommending Whom to Follow on GitHub
    (North Dakota State University, 2021) Sarwar, Muhammad Usman
    Social networking activities on GitHub allow the construction of interesting interaction networks. One such network is the 'follow-network', which enables an effective information dissemination process. As a result, GitHub users are bombarded with stacks of information, which also puts the users at risk of information overload. This motivates us to recommend the relevant user such that developers are only provided with the relevant information. In this work, we present an attributed network embedding based framework to recommend whom to follow on GitHub. This is a challenging task due to the complex social network structure of the developers. In particular, we first construct a developers' 'follow-network'. Further, we extract the node embeddings of each node and feed these embeddings to a K-nearest Neighbour classifier. We validate our approach on the developers of three popular programming languages (C++, Python, and Java). We were able to achieve promising results with an F1-score of 72%.
  • Item
    Analysis of Java's Common Vulnerabilities and Exposures in GitHub's Open-Source Projects
    (North Dakota State University, 2022) Akanmu, Semiu
    Java developers rely on code reusability because of its time and effort reduction advantage. However, they are exposed to vulnerabilities in publicly available open-source software (OSS) projects. This study employed a multi-stage research approach to investigate the extent to which open-source Java projects are secured. The research process includes text analysis of Java's Common Vulnerabilities and Exposures (CVE) descriptions and static code analysis using GitHub's CodeQL. This study found (a) cross-site scripting, (b) buffer overflow (though analyzed as array index out of bounds), (c) data deserialization, (d) input non-validation for an untrusted object, and (e) validation method bypass as the prevalent Java vulnerabilities from the MITRE CVEs. The static code analysis of the seven (7) compatible Java projects out of the 100 top projects cloned from GitHub revealed a 71.4% presence of the array index out-of-bounds vulnerability.