Goals & Tasks
Our Mission
The mission of
Objectives
Apply Orthogonal Defect Classification (ODC) to vulnerabilities affecting CI tools, supported by Large Language Models (LLMs) to analyze defect types, qualifiers, and root causes in a structured and reproducible manner.
Evaluate how CI platforms handle intentionally vulnerable applications, assessing their ability to detect, suppress, or ignore security flaws manually injected or generated by LLMs across representative workloads.
Benchmark CI tools under Poisoned Pipeline Execution (PPE) scenarios by constructing realistic and reproducible attack loads derived from documented security advisories.
Characterize source code trustworthiness within CI/CD pipelines using LLM-based assessments of security, reliability, and maintainability, enabling automated pipeline decisions based on predefined trustworthiness thresholds.
Tasks
Collection and analysis of CI-tool vulnerabilities from public advisories, CVE databases, and issue trackers. Vulnerabilities are classified using Orthogonal Defect Classification, with LLM support and human-in-the-loop validation, producing a structured and reusable dataset.
Assessment of how major CI platforms process intentionally vulnerable applications, including integration of security tools and evaluation of vulnerability detection effectiveness under realistic development conditions.
Design and execution of reproducible Poisoned Pipeline Execution scenarios based on real-world security advisories, enabling comparative evaluation of CI platforms in terms of resilience, logging, and default security posture.
Integration of LLM-based trustworthiness evaluation into CI/CD workflows, assessing source code along the dimensions of security, reliability, and maintainability, and studying the impact of trustworthiness thresholds on automated pipeline decisions.