Systematic comparative analysis of GitHub Actions security analysis techniques

Continuous Integration is a software development practice in which each member of a team works independently and then merges their changes into a common codebase, at least daily. Each of these integrations is verified through an automated build pipeline, which consists of a sequence of actions such as compilation, testing, and the addition of third-party components. The key benefit of continuous integration is to reduce the risk of errors caused by incompatible changes from different team members. Meanwhile, modern build pipelines have grown into complex programs that schedule tens or hundreds of different tasks. On open source platforms such as GitHub or GitLab, these pipelines have become targets for malicious actors, who inject vulnerabilities that are hard to detect because of the complexity of the pipelines. With this internship, we will map and benchmark the state-of-the-art techniques for detecting these vulnerabilities, in order to better guide developers in their choice of safeguards and to identify research gaps.

Faculty Supervisor:

Benoit Baudry

Student:

Partner:

École Supérieure en Sciences et Technologies de l’Informatique et du Numérique

Discipline:

Computer science

Sector:

Education

University:

Université de Montréal

Program:

Globalink Research Award
