Dataset: Dependency Networks of Open Source Libraries Available Through CocoaPods, Carthage and Swift PM (MSR 2022 - Data and Tool Showcase Track)

Who

Kristiina Rahkema, Dietmar Pfahl

Track

MSR 2022 Data and Tool Showcase Track

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 19 May 2022 03:33 - 03:37 at MSR Main room - odd hours - Session 8: Large-Scale Mining & Software Ecosystems Chair(s): Fiorella Zampetti, Gregorio Robles
Mon 23 May 2022 11:30 - 11:38 at Room 315+316 - Blended Technical Session 1 (Integration, Large-scale mining, and Software Ecosystems) Chair(s): Bogdan Vasilescu

Abstract

Third party libraries are used to integrate existing solutions for common problems and help speed up development. The use of third party libraries, however, can carry risks, for example through vulnerabilities in these libraries. Studying the dependency networks of package managers lets us better understand and mitigate these risks. So far, the dependency networks of the three most important package managers of the Apple ecosystem, CocoaPods, Carthage and Swift PM, have not been studied. We analysed the dependencies for all publicly available open source libraries up to December 2021 and compiled a dataset containing the dependency networks of all three package managers. The dependency networks can be used to analyse how vulnerabilities are propagated through transitive dependencies. In order to ease the tracing of vulnerable libraries we also queried the NVD database and included publicly reported vulnerabilities for these libraries in the dataset.

Link to Preprint

https://drive.google.com/file/d/1R4gUHHkGmfV5C9ZV-Z71AdRc3aBU4Vpw/view?usp=sharing

Kristiina Rahkema

University of Tartu

Estonia

Dietmar Pfahl

University of Tartu

Estonia

Video

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Thu 19 May
Displayed time zone: Eastern Time (US & Canada) change

03:00 - 03:50	Session 8: Large-Scale Mining & Software EcosystemsTechnical Papers / Data and Tool Showcase Track at MSR Main room - odd hours Chair(s): Fiorella Zampetti University of Sannio, Italy, Gregorio Robles Universidad Rey Juan Carlos

03:00 7m Talk		An Empirical Study on the Survival Rate of GitHub Projects Technical Papers Adem Ait-Fonolla IN3 - UOC, Javier Luis Cánovas Izquierdo IN3 - UOC, Jordi Cabot Open University of Catalonia, Spain Pre-print
03:07 7m Talk		A Large-Scale Comparison of Python Code in Jupyter Notebooks and ScriptsDistinguished Paper Award Technical Papers Konstantin Grotov JetBrains Research, ITMO University, Sergey Titov JetBrains Research, Vladimir Sotnikov JetBrains Research, Yaroslav Golubev JetBrains Research, Timofey Bryksin JetBrains Research; HSE University DOI Pre-print
03:14 7m Talk		Do Customized Android Frameworks Keep Pace with Android? Technical Papers Pei Liu Monash University, Mattia Fazzini University of Minnesota, John Grundy Monash University, Li Li Monash University
03:21 4m Talk		Lupa: A Platform for Large Scale Analysis of The Progamming Language Usage Data and Tool Showcase Track Anna Vlasova JetBrains Research, Maria Tigina JetBrains Research, ITMO University, Ilya Vlasov Saint Petersburg State University, Anastasiia Birillo JetBrains Research, Yaroslav Golubev JetBrains Research, Timofey Bryksin JetBrains Research; HSE University DOI Pre-print
03:25 4m Talk		GitDelver Enterprise Dataset (GDED): An Industrial Closed-source Dataset for Socio-Technical Research Data and Tool Showcase Track Nicolas Riquet University of Namur, Xavier Devroey University of Namur, Benoît Vanderose University of Namur Pre-print
03:29 4m Talk		DaSEA – A Dataset for Software Ecosystem Analysis Data and Tool Showcase Track Petya Buchkova IT University of Copenhagen, Joakim Hey Hinnerskov IT University of Copenhagen, Kasper Olsen IT University of Copenhagen, Rolf-Helge Pfeiffer IT University of Copenhagen Pre-print Media Attached
03:33 4m Talk		Dataset: Dependency Networks of Open Source Libraries Available Through CocoaPods, Carthage and Swift PM Data and Tool Showcase Track Kristiina Rahkema University of Tartu, Dietmar Pfahl University of Tartu Pre-print Media Attached
03:37 13m Live Q&A		Discussions and Q&A Technical Papers

Mon 23 May
Displayed time zone: Eastern Time (US & Canada) change

11:00 - 12:30	Blended Technical Session 1 (Integration, Large-scale mining, and Software Ecosystems)Technical Papers / Data and Tool Showcase Track at Room 315+316 Chair(s): Bogdan Vasilescu Carnegie Mellon University, USA

11:00 15m Talk		Do Small Code Changes Merge Faster? A Multi-Language Empirical Investigation Technical Papers Gunnar Kudrjavets University of Groningen, Nachiappan Nagappan Microsoft Research, Ayushi Rastogi University of Groningen, The Netherlands DOI Pre-print
11:15 15m Talk		Mining Code Review Data to Understand Waiting Times Between Acceptance and Merging: An Empirical Analysis Technical Papers Gunnar Kudrjavets University of Groningen, Aditya Kumar Snap, Inc., Nachiappan Nagappan Microsoft Research, Ayushi Rastogi University of Groningen, The Netherlands DOI Pre-print
11:30 8m Talk		Dataset: Dependency Networks of Open Source Libraries Available Through CocoaPods, Carthage and Swift PM Data and Tool Showcase Track Kristiina Rahkema University of Tartu, Dietmar Pfahl University of Tartu Pre-print Media Attached
11:38 8m Talk		A Large-scale Dataset of (Open Source) License Text VariantsData and Tool Showcase Award Data and Tool Showcase Track Stefano Zacchiroli Télécom Paris, Polytechnic Institute of Paris DOI Pre-print
11:46 8m Talk		TSSB-3M: Mining single statement bugs at massive scale Data and Tool Showcase Track Cedric Richter Carl von Ossietzky Universität Oldenburg / University of Oldenburg, Heike Wehrheim Carl von Ossietzky Universität Oldenburg / University of Oldenburg Pre-print Media Attached
11:54 8m Talk		LAGOON: An Analysis Tool for Open Source Communities Data and Tool Showcase Track Sourya Dey Galois, Inc., Walt Woods Galois, Inc. Pre-print Media Attached
12:02 8m Talk		The Unexplored Treasure Trove of Phabricator Code Reviews Data and Tool Showcase Track Gunnar Kudrjavets University of Groningen, Nachiappan Nagappan Microsoft Research, Ayushi Rastogi University of Groningen, The Netherlands DOI Pre-print
12:10 20m Live Q&A		Discussions and Q&A Technical Papers

Information for Participants

Thu 19 May 2022 03:00 - 03:50 at MSR Main room - odd hours - Session 8: Large-Scale Mining & Software Ecosystems Chair(s): Fiorella Zampetti, Gregorio Robles

Info for room MSR Main room - odd hours:

Click here to go to the room on Midspace