Project Details
Reliable and automated code-based analysis of Open-Source Dependencies (Reaktor) (T05#)
Subject Area
Software Engineering and Programming Languages
Term
since 2024
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 160364472
In this transfer project, we explore how techniques from the quality assurance of services in on-the-fly service markets can be applied to the pressing problem of securely managing open-source dependencies in large software-development ecosystems in a reliable and automated fashion. To this end, novel techniques will be developed and evaluated that enable dependency-scanning tools to reliably detect, and help mitigate, the inclusion of known-to-be-vulnerable third-party dependencies within software compositions. The project aims to build an open-source toolchain called REAKTOR that supports the secure development of applications and services in an automated way. In principle, these developments should enable the precise, efficient, and above all reliable analysis of software artifacts at large scale. The effectiveness of the developed techniques will be validated in a real-world environment at the partner company SAP SE.
DFG Programme
Collaborative Research Centres (Transfer Project)
Applicant Institution
Universität Paderborn
Business and Industry
SAP Deutschland SE & Co. KG
Project Head
Professor Dr. Eric Bodden