
Fine-Grained Analysis of Software Ecosystems as Networks

Objective

A popular form of software reuse involves linking open source software (OSS) libraries hosted on centralized code repositories, such as Maven or PyPI. Developers only need to declare dependencies on external libraries, and automated tools make them available in the project's workspace. Recent events, such as the LeftPad incident, which caused hundreds of thousands of websites to stop working, and the Equifax data breach, which led to a leak of hundreds of thousands of credit card numbers, have demonstrated that dependencies on networks of external libraries can introduce significant operational and compliance risks to projects, as well as security implications that are difficult to assess. Solving these problems would boost the efficiency and production quality of software development companies by allowing them to reuse OSS code with confidence, covering a large untapped potential. To address this situation, the FASTEN project introduces fine-grained, method-level tracking of dependencies on top of existing dependency management networks. Specifically, the project will introduce a service that tracks dependencies at the method call-graph level and performs sophisticated analyses of i) security vulnerability propagation, ii) licensing compliance, and iii) dependency risk profiles. To facilitate adoption, FASTEN will bring those analyses into the hands of developers by integrating the analysis service into popular package managers for the Java, C, and Python programming languages. The project consortium comprises world-leading experts on ecosystem analysis, graph processing, and software risk and compliance assessment, along with established OSS community integrators and managers.

Field of science

  • /natural sciences/computer and information sciences/software/software development
  • /natural sciences/computer and information sciences/software
  • /natural sciences/biological sciences/ecology/ecosystems
  • /humanities/languages and literature/languages - general

Call for proposal

H2020-ICT-2018-2

Funding Scheme

IA - Innovation action

Coordinator

TECHNISCHE UNIVERSITEIT DELFT
Address
Stevinweg 1
2628 CN Delft
Netherlands
Activity type
Higher or Secondary Education Establishments
EU contribution
€ 946 830

Participants (6)

ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS - RESEARCH CENTER
Greece
EU contribution
€ 542 750
Address
Kefallinias Street 46
11251 Athens
Activity type
Higher or Secondary Education Establishments
UNIVERSITA DEGLI STUDI DI MILANO
Italy
EU contribution
€ 366 225
Address
Via Festa Del Perdono 7
20122 Milano
Activity type
Higher or Secondary Education Establishments
XWIKI
France
EU contribution
€ 360 578
Address
35/37 Rue Beaubourg
75003 Paris
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
ENDOCODE AG
Germany
EU contribution
€ 492 808
Address
Bruckenstr 5 A
10179 Berlin
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
SOFTWARE IMPROVEMENT GROUP BV
Netherlands
EU contribution
€ 397 470
Address
Fred. Roeskestraat 115
1076 EE Amsterdam
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
OW2
France
EU contribution
€ 381 875
Address
114 Boulevard Haussmann
75008 Paris
Activity type
Other