EASE 2024
Tue 18 - Fri 21 June 2024 Salerno, Italy
Thu 20 Jun 2024 11:00 - 11:15 at Room Vietri - Mining Software Repositories Chair(s): Giuseppe Destefanis

GitHub’s dependency graph shows dependency relationships between repositories. This feature is leveraged by tools such as Dependabot, or GitHub’s feature to export SBOM (Software Bill of Materials) files. Also, it has been used in empirical studies. Inaccuracies in the dependency graph might negatively affect both the effectiveness of tools and the results of the conducted studies. In this paper, we present the results of a mining study to assess the accuracy of GitHub’s dependency graph in Java and Python open-source software projects. In particular, on April 16th, 2023, we randomly sampled 297 software projects developed in Java and 338 developed in Python (all hosted on GitHub), each using GitHub’s dependency graph. Then, we performed three analyses to assess how accurate GitHub’s dependency graph is: (i) backward analysis, focusing on the accuracy of the dependencies of a given repository, as reported in GitHub’s dependency graph; (ii) forward analysis, focusing on the accuracy of the dependents of a given repository, as reported in GitHub’s dependency graph; and (iii) manifest/lock file analysis, focusing on the correspondence between the dependencies reported in the dependency graph of a given repository and what was reported in the corresponding manifest/lock files. The obtained results highlight several inaccuracies in GitHub’s dependency graph, which might affect the output of tools based on GitHub’s dependency graph (e.g., Dependabot and SBOM generators) as well as the outcomes of past empirical studies. We also provide qualitative insights into these inaccuracies and implications for practitioners and researchers.

Thu 20 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

11:00 - 12:30
Mining Software Repositories - Research Papers / Journal-first at Room Vietri
Chair(s): Giuseppe Destefanis Brunel University London
11:00
15m
Talk
On the Accuracy of GitHub's Dependency Graph
Research Papers
Daniele Bifolco University of Sannio, Sabato Nocera Department of Computer Science, University of Salerno, Simone Romano University of Salerno, Massimiliano Di Penta University of Sannio, Italy, Rita Francese University of Salerno, Giuseppe Scanniello University of Salerno
11:15
15m
Talk
Towards Semi-Automated Merge Conflict Resolution: Is It Easier Than We Expected? (Distinguished Paper Award)
Research Papers
Alexander Boll University of Bern, Yael van Dok University of Bern, Manuel Ohrndorf University of Bern, Alexander Schultheiß Paderborn University, Timo Kehrer University of Bern
11:30
15m
Talk
Leveraging Statistical Machine Translation for Code Search
Research Papers
Hung Phan, Ali Jannesari Iowa State University
11:45
15m
Talk
LEGION: Harnessing Pre-trained Language Models for GitHub Topic Recommendations with Distribution-Balance Loss
Research Papers
Yen-Trang Dang Hanoi University of Science and Technology, Le-Cong Thanh The University of Melbourne, Phuc-Thanh Nguyen Hanoi University of Science and Technology, Anh M. T. Bui Hanoi University of Science and Technology, Phuong T. Nguyen University of L’Aquila, Xuan-Bach D. Le University of Melbourne, Quyet Thang Huynh Hanoi University of Science and Technology
Pre-print
12:00
15m
Talk
LLM-Based Chatbots for Mining Software Repositories: Challenges and Opportunities
Research Papers
Samuel Abedu Concordia University, Ahmad Abdellatif University of Calgary, Emad Shihab Concordia University
Pre-print
12:15
15m
Talk
An exploratory study of software artifacts on GitHub from the lens of documentation
Journal-first
Akhila Sri Manasa Venigalla IIT Tirupati, Sridhar Chimalakonda Indian Institute of Technology, Tirupati