FASTEN: Intelligent Software Package Management

•

0 j'aime•67 vues

I presented the FASTEN project at OW2con'2020 online conference. The project aims at making software package management intelligent and robust. https://www.fasten-project.eu/

Ingénierie

FASTEN
Intelligent Software Package Management
Amir Mir
s.a.m.mir@tudelft.nl
OW2Con, June 2020

Content
● Open Source Software (OSS)
● Package Management
● Package Dependency Networks (PDNs)
○ Issues with PDNs
○ Existing Solutions
○ The Root Cause
● The FASTEN Project
○ Solution
○ The FASTEN Architecture
○ The Metadata Database
○ Current State
○ Examples of FASTEN Workflow

Open Source Software (OSS)
● Allows to reuse code to reduce development and maintenance costs
● Hosted on centralized repositories (Maven, PyPI, ....)
● Made the dream of collaborative development feasible

Package Management
● Open-source libraries as a building block for creating new software
● Package managers resolve dependencies and download required libraries

Package Dependency Networks (PDNs)
● Packages versions and their dependencies from huge and complex dependency
networks
● Version constraints make these networks more complicated

Recent Failures with PDNs
● Leftpad in 2016

Recent Failures with PDNs
● In 2017, affected 147 millions of people

Issues with PDNs
From a developer’s perspective
● The observability problem
● The update problem
● The compliance problem
● The trust problem
From a maintainer’s perspective
● The update problem
● The deprecation problem
● The unlawful use problem
● The lack of incentive problem

Existing Solutions to the Issues of PDNs
● Services like GitHub, Dependabot
● Problems:
○ No support for assessing updates
○ No help with impact assessment
○ False positives

The Root Cause of the Issues of PDNs
Current Solutions
Call Dependency
Networks (CDNs)

The FASTEN Project
● Fine-Grained Analysis of Software Ecosystems as Network
● Aims at solving the issues of PDNs by making package management robust and
intelligent
● A centralized service to host the graphs and serve the analyses
● Consortium:

The FASTEN Solution
● More precise license compliance
○ Am I linking to GPL code?
● More precise risk profiling
○ Does this vulnerability affect my package?
● More precise change impact analysis
○ How many packages will I break if I change this function?
○ Can I safely update the dependencies of my package?
● Integration with package managers

Overview of the FASTEN Architecture
Data streams
Package repositories
Vulnerability information
FASTEN server
Call graph generators
Analysis layer
Security Change impact
Compliance Quality and Risk
Storage layer
RESTAPIWebUI
Continuous
Integration
servers

Current Status of the Project
● Alpha version of the project in May
● Generated 1.2M Java call graphs
● Generated 80K Rust call graphs
● Generating call graphs for Debian packages
● Deployment of the FASTEN server on Kubernetes clusters
● Initial implementation of the storage layer
○ The metadata database
○ Graph database

Examples of FASTEN Workflow
Updating with confidence
Before FASTEN After FASTEN

Examples of FASTEN Workflow
Deciding to use a library
Before FASTEN After FASTEN

https://www.fasten-project.eu/
https://github.com/fasten-project
https://twitter.com/fastenproject

The FASTEN project has received funding from the European Union’s Horizon 2020
research and innovation programme under grant agreement No 825328.

Contenu connexe

Similaire à FASTEN: Intelligent Software Package Management

software technology benchmarking

Mallikarjuna G D

Demystifying Containerization Principles for Data Scientists

Dr Ganesh Iyer

On the fragility of open source software packaging ecosystems

Tom Mens

Meteor South Bay Meetup - Kubernetes & Google Container Engine

Kit Merker

NATS Connect Live!

NATS

Come hear about our container management platform, Titus. Titus launches over 2 millions containers per week for service and batch workloads. Come to learn what applications are powered by Titus and what values the developers are getting from containers. Also, we will cover some of the Titus unique aspects of reliability, control plane, scheduling, and container runtime technologies. We will also cover our integrations with Netflix systems such as Spinnaker as well as Amazon concepts such as VPC and IAM. https://www.meetup.com/Netflix-Open-Source-Platform/events/247776324/

NetflixOSS Meetup S6E1 - Titus & Containers

aspyker

Nuxeo World Session: Gagnavarslan and Nuxeo - Building software services on N...

Nuxeo

Delivering Cloud Native Batch Solutions - Dodd Pfeffer

VMware Tanzu

Webinar Session - https://youtu.be/_5MfGMf8PG4 In this webinar, we share how the Container Attached Storage pattern makes performance tuning more tractable, by giving each workload its own storage system, thereby decreasing the variables needed to understand and tune performance. We then introduce MayaStor, a breakthrough in the use of containers and Kubernetes as a data plane. MayaStor is the first containerized data engine available that delivers near the theoretical maximum performance of underlying systems. MayaStor performance scales with the underlying hardware and has been shown, for example, to deliver in excess of 10 million IOPS in a particular environment.

Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage

MayaData Inc

SpringOne Platform 2017 David Turanski, Pivotal; Rohit Sood, Liberty Mutual; Rohit Kelapure, Pivotal; Justin Stone, Liberty Mutual This session will detail a synthesis of techniques used to destroy a monolithic BPM and orchestration based application at Liberty Mutual into an event driven microservices based architecture implemented with Event Sourcing and CQRS. The transformation and developer productivity affected by the monolith decomposition and alignment of business capabilities to bounded contexts teaches lessons for all enterprises looking to undergo similar changes.

Deconstructing Monoliths with Domain Driven Design

VMware Tanzu

You can’t have cloud-native applications without a modern approach to databases and backing services. Data professionals are looking for ways to transform how databases are provisioned and managed. In this webinar, we’ll cover practical strategies you can employ to deliver improved business agility at the data layer. We’ll discuss the impact that microservices are having in the enterprise, and what this means for MySQL and other popular databases. Join us and learn the answers to these common questions: ● How can you meet the operational challenge of scaling the number of MySQL database instances and managing the fleet? ● Adding to this scale challenge, how can your MySQL instances maintain availability in a world where the underlying IT infrastructure is ephemeral? ● How can you secure data in motion? ● How can you enable self-service while maintaining control and governance? We’ll cover these topics and share how enterprises like yours are delivering greater outcomes with our Pivotal Platform managed MySQL. Now you can scale without fear of failure. Presenters: Judy Wang, Product Management Jagdish Mirani, Product Marketing

Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service

VMware Tanzu

Organizations can pick between numerous free community-supported distributions of the Linux operating system. In the data center and on AWS, Azure, GKE, CloudFlare, DigitalOcean, and other public clouds, these free versions are available as part of the default configuration. Why, then, would you pay for Linux? These slides, based on a webinar hosted by Red Hat and leading IT research firm EMA, provide insights into what has and has not worked related to the adoption of free versus subscription-based Linux distributions.

Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY

Enterprise Management Associates

FASTEN: Scaling static analyses to ecosystem, presented at FOSDEM 2020 in Bru...

Fasten Project

Lunar Way and the Cloud Native "stack"

Kasper Nissen

Moeller bosc2010 debian_taverna

BOSC 2010

Netflix Open Source Meetup Season 3 Episode 2

aspyker

NetflixOSS Meetup season 3 episode 2

Ruslan Meshenberg

OpenStack & Ubuntu (india openstack day)

openstackindia

Presentation delivered at LinuxCon China 2017. Open vSwitch (OVS) is a multilayer open source virtual switch. OVS is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces. OVN is a new network virtualization project that brings virtual networking to the Open vSwitch user community. OVN includes logical switches and routers, security groups, and L2/L3/L4 ACLs, implemented on top of a tunnel-based overlay network. In this presentation, we will provide an overview of the current state of the projects and their future plans, such as: - The current state of the Linux, DPDK, and Hyper-V ports - A status update on a portable BPF-based datapath - The latest stateful and OpenFlow features available in OVS - Performance and debugging enhancement to OVN - OVN features under development such as ACL logging and encrypted tunnels

The Open vSwitch and OVN Projects

LinuxCon ContainerCon CloudOpen China

Chainer OpenPOWER developer congress HandsON 20170522_ota

Preferred Networks

Similaire à FASTEN: Intelligent Software Package Management (20)

software technology benchmarking

Demystifying Containerization Principles for Data Scientists

On the fragility of open source software packaging ecosystems

Meteor South Bay Meetup - Kubernetes & Google Container Engine

NATS Connect Live!

NetflixOSS Meetup S6E1 - Titus & Containers

Nuxeo World Session: Gagnavarslan and Nuxeo - Building software services on N...

Delivering Cloud Native Batch Solutions - Dodd Pfeffer

Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage

Deconstructing Monoliths with Domain Driven Design

Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service

Why Pay for Open Source Linux? Avoid the Hidden Cost of DIY

FASTEN: Scaling static analyses to ecosystem, presented at FOSDEM 2020 in Bru...

Lunar Way and the Cloud Native "stack"

Moeller bosc2010 debian_taverna

Netflix Open Source Meetup Season 3 Episode 2

NetflixOSS Meetup season 3 episode 2

OpenStack & Ubuntu (india openstack day)

The Open vSwitch and OVN Projects

Chainer OpenPOWER developer congress HandsON 20170522_ota

Dernier

Call Girl Meerut Indira Call Now: 8617697112 Meerut Escorts Booking Contact Details WhatsApp Chat: +91-8617697112 Meerut Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Meerut understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide –

(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7

Call Girls in Nagpur High Profile Call Girls

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking Escorts Service Available Whatsapp SABANA ☎️ : [+91-7001035870] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P252024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking

dharasingh5698

Structural Analysis and Design of Foundations: A Comprehensive Handbook for Students and Professionals. Unlock the potential of foundation design with Dr. Costas Sachpazis’s enlightening handbook, a meticulously crafted guide poised to become an indispensable resource for both budding and seasoned civil engineers. This comprehensive manual illuminates the theoretical and practical aspects of structural analysis and design across various types of foundations and retaining walls. Within these pages, Dr. Sachpazis distills complex engineering principles into digestible, step-by-step processes, enhanced by detailed diagrams, case studies, and real-world examples that bridge the gap between academic study and professional application. From soil mechanics and load calculations to innovative design techniques and sustainability considerations, this book covers a vast landscape of structural engineering. Key Features: • In-Depth Analysis and Design: Explore thorough explanations of both shallow and deep foundation designs, supported by case studies that demonstrate their practical implementations. • Practical Guides: Benefit from detailed guides on site investigation, bearing capacity calculations, and settlement analysis, ensuring designs are both robust and reliable. • Innovative Techniques: Discover the latest advancements in foundation technology and retaining wall design, preparing you for future trends in civil engineering. • Educational Tools: Utilize this handbook as an educational tool, perfect for both classroom learning and professional development. Whether you're a student eager to learn the fundamentals or a professional seeking to deepen your expertise, Dr. Sachpazis’s handbook is designed to support and inspire excellence in the field of structural engineering. Embrace this opportunity to enhance your skills and contribute to building safer, more efficient structures.

Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...

Dr.Costas Sachpazis

Java Programming :Event Handling(Types of Events)

simmis5

AKTU Computer Networks notes --- Unit 3.pdf

ankushspencer015

African Journal of Biological Sciences is an International peer-reviewed, Open Access journal that publishes original research articles as well as review articles in all areas of Biological Sciences. It operates a fully open access publishing model which allows open global access to its published content. This model is supported through Article Processing Charges. For more information on Article Processing charges click here. Its scope embraces Animal Sciences, Biochemistry, Bioinformatics, Biotechnology, Botany, Cell Biology, Developmental Biology, Ecology, Environmental Sciences, Ethno Medicine, Food Science, Freshwater Biology, Genetics, Immunology, Marine Biology, Microbiology, Molecular Biology, Physiology, Plant Sciences, Structural Biology,Toxicology,Zoology etc. It is essential that authors prepare their manuscripts according to established specifications. Failure to follow them may result in papers being delayed or rejected. Therefore, contributors are strongly encouraged to read the author guidelines carefully before preparing a manuscript for submission. The manuscripts should be checked carefully for grammatical, punctuation errors. All papers are subjected to peer review. All articles published in this journal represent the opinion of the authors and not reflect the official policy of the Journal of African Journal of Biological Sciences

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...

Christo Ananth

Thermal Engineering-R & A / C - unit - V

DineshKumar4165

Call girls in delhi ✔️✔️🔝 9953056974 🔝✔️✔️Welcome To Vip Escort Services In Delhi [ ]Noida Gurgaon 24/7 Open Sex Escort Services With Happy Ending ServiCe Done By Most Attractive Charming Soft Spoken Bold Beautiful Full Cooperative Independent Escort Girls ServiCe In All-Star Hotel And Home Service In All Over Delhi, Noida, Gurgaon, Faridabad, Ghaziabad, Greater Noida, • IN CALL AND OUT CALL SERVICE IN DELHI NCR • 3* 5* 7* HOTELS SERVICE IN DELHI NCR • 24 HOURS AVAILABLE IN DELHI NCR • INDIAN, RUSSIAN, PUNJABI, KASHMIRI ESCORTS • REAL MODELS, COLLEGE GIRLS, HOUSE WIFE, ALSO AVAILABLE • SHORT TIME AND FULL TIME SERVICE AVAILABLE • HYGIENIC FULL AC NEAT AND CLEAN ROOMS AVAIL. IN HOTEL 24 HOURS • DAILY NEW ESCORTS STAFF AVAILABLE • MINIMUM TO MAXIMUM RANGE AVAILABLE. Call Girls in Delhi & Independent Escort Service – CALL GIRLS SERVICE DELHI NCR Vip call girls in Delhi Call Girls in Delhi, Call Girl Service 24×7 open Call Girls in Delhi Best Delhi Escorts in Delhi Low Rate Call Girls In Saket Delhi X~CALL GIRLS IN Ramesh Nagar Metro best Delhi call girls and Delhi escort service. CALL GIRLS SERVICE IN ALL DELHI … (Delhi) Call Girls in (Chanakyapuri) Hot And Sexy Independent Model Escort Service In Delhi Unlimited Enjoy Genuine 100% Profiles And Trusted Door Step Call Girls Feel Free To Call Us Female Service Hot Busty & Sexy Party Girls Available For Complete Enjoyment. We Guarantee Full Satisfaction & In Case Of Any Unhappy Experience, We Would Refund Your Fees, Without Any Questions Asked. Feel Free To Call Us Female Service Provider Hours Opens Thanks. Delhi Escorts Services 100% secure Services.Incall_OutCall Available and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services all over Delhi NCR. Delhi All Hotel Services available 3* 4* 5* Call Call Delhi Escorts Services And Delhi Call Girl Agency 100% secure Services in my agency. Incall and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services my agency in all over New Delhi Delhi All Hotel Services available my agency SERVICES [✓✓✓] Housewife College Girl VIP Escort Independent Girl Aunty Without a Condom sucking )? Sexy Aunty.DSL (Dick Sucking Lips)? DT (Dining at the Toes English Spanking) Doggie (Sex style from no behind)?? OutCall- All Over Delhi Noida Gurgaon 24/7 FOR APPOINTMENT Call/Whatsop / 9953056974

Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

9953056974 Low Rate Call Girls In Saket, Delhi NCR

The Educational Administration: Theory and Practice publishes prominent empirical and conceptual articles focused on timely and critical leadership and policy issues of educational organizations. The journal embraces traditional and emergent research paradigms, methods, and issues. The journal particularly promotes the publication of rigorous and relevant scholarly work that enhances linkages among and utility for educational policy, practice, and research arenas. The goal of the editorial team and the journal’s editorial board is to promote sound scholarship and a clear and continuing dialogue among scholars and practitioners from a broad spectrum of education. Educational Administration: Theory and Practice presents prominent empirical and conceptual articles focused on timely and critical leadership and policy issues facing educational organizations. As an editorial team, we embrace traditional and emergent theoretical frameworks, research methods, and topics. We particularly promote the publication of rigorous and relevant scholarly work with utility for educational policy, practice, and research. The journal’s primary focus is on studies of educational leadership, organizations, leadership development, and policy as they relate to elementary and secondary levels of education. Examinations of leadership and policy that fall outside K-12 are considered insofar as there are meaningful connections to the K-12 arena (e.g., college pipeline). International comparative investigations are welcome to the extent they have implications for a broad audience.s.

Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...

Christo Ananth

KubeKraft presentation @CloudNativeHooghly

sanyuktamishra911

ONLINE FOOD ORDER SYSTEM is a website designed primarily for use in the food delivery industry. This system will allow hotels and restaurants to increase scope of business by reducing the labor cost involved. The system also allows to quickly and easily manage an online menu which customers can browse and use to place orders with just few clicks. Restaurant employees then use these orders through an easy to navigate graphical interface for efficient processing.

ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf

Kamal Acharya

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Indian Girls Waiting For You To Fuck Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 01-may-2024(v.n)

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...

Call Girls in Nagpur High Profile

Generative AI or GenAI technology based PPT

bhaskargani46

Double rodded leveling 1 pdf activity 01

KreezheaRecto

Call Girl Aurangabad Indira Call Now: 8617697112 Aurangabad Escorts Booking Contact Details WhatsApp Chat: +91-8617697112 Aurangabad Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Aurangabad understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide –

(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7

Call Girls in Nagpur High Profile Call Girls

VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to 25K High Profile Escorts In Pune Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...

SUHANI PANDEY

Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking

roncy bisnoi

PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL

ManishPatel169454

Vivazz, Mieres Social Housing Design Spain

timesproduction05

UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS

rknatarajan

Dernier (20)

(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking

Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...

Java Programming :Event Handling(Types of Events)

AKTU Computer Networks notes --- Unit 3.pdf

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...

Thermal Engineering-R & A / C - unit - V

Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...

KubeKraft presentation @CloudNativeHooghly

ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...

Generative AI or GenAI technology based PPT

Double rodded leveling 1 pdf activity 01

(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7

VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...

Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking

PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL

Vivazz, Mieres Social Housing Design Spain

UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS

FASTEN: Intelligent Software Package Management

1. FASTEN Intelligent Software Package Management Amir Mir s.a.m.mir@tudelft.nl OW2Con, June 2020

2. Content ● Open Source Software (OSS) ● Package Management ● Package Dependency Networks (PDNs) ○ Issues with PDNs ○ Existing Solutions ○ The Root Cause ● The FASTEN Project ○ Solution ○ The FASTEN Architecture ○ The Metadata Database ○ Current State ○ Examples of FASTEN Workflow

3. Open Source Software (OSS) ● Allows to reuse code to reduce development and maintenance costs ● Hosted on centralized repositories (Maven, PyPI, ....) ● Made the dream of collaborative development feasible

4. Package Management ● Open-source libraries as a building block for creating new software ● Package managers resolve dependencies and download required libraries

5. Package Management

6. Package Dependency Networks (PDNs) ● Packages versions and their dependencies from huge and complex dependency networks ● Version constraints make these networks more complicated

7. Recent Failures with PDNs ● Leftpad in 2016

8. Recent Failures with PDNs ● In 2017, affected 147 millions of people

9. Issues with PDNs From a developer’s perspective ● The observability problem ● The update problem ● The compliance problem ● The trust problem From a maintainer’s perspective ● The update problem ● The deprecation problem ● The unlawful use problem ● The lack of incentive problem

10. Existing Solutions to the Issues of PDNs ● Services like GitHub, Dependabot ● Problems: ○ No support for assessing updates ○ No help with impact assessment ○ False positives

11. The Root Cause of the Issues of PDNs Current Solutions Call Dependency Networks (CDNs)

12. The FASTEN Project ● Fine-Grained Analysis of Software Ecosystems as Network ● Aims at solving the issues of PDNs by making package management robust and intelligent ● A centralized service to host the graphs and serve the analyses ● Consortium:

13. The FASTEN Solution ● More precise license compliance ○ Am I linking to GPL code? ● More precise risk profiling ○ Does this vulnerability affect my package? ● More precise change impact analysis ○ How many packages will I break if I change this function? ○ Can I safely update the dependencies of my package? ● Integration with package managers

14. Overview of the FASTEN Architecture Data streams Package repositories Vulnerability information FASTEN server Call graph generators Analysis layer Security Change impact Compliance Quality and Risk Storage layer RESTAPIWebUI Continuous Integration servers

15. The Metadata Database

16. Current Status of the Project ● Alpha version of the project in May ● Generated 1.2M Java call graphs ● Generated 80K Rust call graphs ● Generating call graphs for Debian packages ● Deployment of the FASTEN server on Kubernetes clusters ● Initial implementation of the storage layer ○ The metadata database ○ Graph database

17. Examples of FASTEN Workflow Updating with confidence Before FASTEN After FASTEN

18. Examples of FASTEN Workflow Deciding to use a library Before FASTEN After FASTEN

19. https://www.fasten-project.eu/ https://github.com/fasten-project https://twitter.com/fastenproject

20. The FASTEN project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 825328.

FASTEN: Intelligent Software Package Management

Recommandé

Recommandé

Contenu connexe

Similaire à FASTEN: Intelligent Software Package Management

Similaire à FASTEN: Intelligent Software Package Management (20)

Dernier

Dernier (20)

FASTEN: Intelligent Software Package Management