Tootfinder

Ladies and gentlemen and others, this is why I recommend hosting your own forge, like forgejo: https://mastodon.social/@mcc/114536667832141959
Also, as I recently discovered: Github git implementation is pretty dumb and reports unsolvable conflicts that are automatically solved by…

"My productivity is boosted, but ..." Demystifying Users' Perception on AI Coding Assistants
Yunbo Lyu, Zhou Yang, Jieke Shi, Jianming Chang, Yue Liu, David Lo
https://arxiv.org/abs/2508.12285

"My productivity is boosted, but ..." Demystifying Users' Perception on AI Coding Assistants
This paper aims to explore fundamental questions in the era when AI coding assistants like GitHub Copilot are widely adopted: what do developers truly value and criticize in AI coding assistants, and what does this reveal about their needs and expectations in real-world software development? Unlike previous studies that conduct observational research in controlled and simulated environments, we analyze extensive, first-hand user reviews of AI coding assistants, which capture developers' authent…

LinkAnchor: An Autonomous LLM-Based Agent for Issue-to-Commit Link Recovery
Arshia Akhavan, Alireza Hosseinpour, Abbas Heydarnoori, Mehdi Keshani
https://arxiv.org/abs/2508.12232

LinkAnchor: An Autonomous LLM-Based Agent for Issue-to-Commit Link Recovery
Issue-to-commit link recovery plays an important role in software traceability and improves project management. However, it remains a challenging task. A study on GitHub shows that only 42.2% of the issues are correctly linked to their commits. This highlights the potential for further development and research in this area. Existing studies have employed various AI/ML-based approaches, and with the recent development of large language models, researchers have leveraged LLMs to tackle this probl…

While technically a correct fix, this #dotnet fix is about to break a lot of deployments. This was just deployed in the latest release of .NET 8 and 9.
https://github.com/dotnet/aspnetcore/p

[release/8.0] Forwarded Headers Middleware: Ignore XForwardedHeaders from Unknown Proxy by github-actions[bot] · Pull Request #61623 · dotnet/aspnetcore
Backport of #61530 to release/8.0 /cc @BrennanConroy @yannic-hamann-abb Forwarded Headers Middleware: Ignore XForwardedHeaders from Unknown Proxy Description If the ForwardedHeadersMiddleware middl...

The Impact of Large Language Models (LLMs) on Code Review Process
Antonio Collante, Samuel Abedu, SayedHassan Khatoonabadi, Ahmad Abdellatif, Ebube Alor, Emad Shihab
https://arxiv.org/abs/2508.11034

The Impact of Large Language Models (LLMs) on Code Review Process
Large language models (LLMs) have recently gained prominence in the field of software development, significantly boosting productivity and simplifying teamwork. Although prior studies have examined task-specific applications, the phase-specific effects of LLM assistance on the efficiency of code review processes remain underexplored. This research investigates the effect of GPT on GitHub pull request (PR) workflows, with a focus on reducing resolution time, optimizing phase-specific performance…

Low-rank Momentum Factorization for Memory Efficient Training
Pouria Mahdavinia, Mehrdad Mahdavi
https://arxiv.org/abs/2507.08091 https://arxiv.org/pdf/2507.08091 https://arxiv.org/html/2507.08091
arXiv:2507.08091v1 Announce Type: new
Abstract: Fine-tuning large foundation models presents significant memory challenges due to stateful optimizers like AdamW, often requiring several times more GPU memory than inference. While memory-efficient methods like parameter-efficient fine-tuning (e.g., LoRA) and optimizer state compression exist, recent approaches like GaLore bridge these by using low-rank gradient projections and subspace moment accumulation. However, such methods may struggle with fixed subspaces or computationally costly offline resampling (e.g., requiring full-matrix SVDs). We propose Momentum Factorized SGD (MoFaSGD), which maintains a dynamically updated low-rank SVD representation of the first-order momentum, closely approximating its full-rank counterpart throughout training. This factorization enables a memory-efficient fine-tuning method that adaptively updates the optimization subspace at each iteration. Crucially, MoFaSGD leverages the computed low-rank momentum factors to perform efficient spectrally normalized updates, offering an alternative to subspace moment accumulation. We establish theoretical convergence guarantees for MoFaSGD, proving it achieves an optimal rate for non-convex stochastic optimization under standard assumptions. Empirically, we demonstrate MoFaSGD's effectiveness on large language model alignment benchmarks, achieving a competitive trade-off between memory reduction (comparable to LoRA) and performance compared to state-of-the-art low-rank optimization methods. Our implementation is available at https://github.com/pmahdavi/MoFaSGD.
toXiv_bot_toot

How Does LLM Reasoning Work for Code? A Survey and a Call to Action
Ira Ceka, Saurabh Pujar, Irene Manotas, Gail Kaiser, Baishakhi Ray, Shyam Ramji
https://arxiv.org/abs/2506.13932

How Does LLM Reasoning Work for Code? A Survey and a Call to Action
The rise of large language models (LLMs) has led to dramatic improvements across a wide range of natural language tasks. These advancements have extended into the domain of code, facilitating complex tasks such as code generation, translation, summarization, and repair. However, their utility for real-world deployment in-the-wild has only recently been studied, particularly on software engineering (SWE) tasks such as GitHub issue resolution. In this study, we examine the code reasoning techniqu…

Social Media Reactions to Open Source Promotions: AI-Powered GitHub Projects on Hacker News
Prachnachai Meakpaiboonwattana, Warittha Tarntong, Thai Mekratanavorakul, Chaiyong Ragkhitwetsagul, Pattaraporn Sangaroonsilp, Raula Kula, Morakot Choetkiertikul, Kenichi Matsumoto, Thanwadee Sunetnanta
https://arxiv.org/abs/2506.12643

Social Media Reactions to Open Source Promotions: AI-Powered GitHub Projects on Hacker News
Social media platforms have become more influential than traditional news sources, shaping public discourse and accelerating the spread of information. With the rapid advancement of artificial intelligence (AI), open-source software (OSS) projects can leverage these platforms to gain visibility and attract contributors. In this study, we investigate the relationship between Hacker News, a social news site focused on computer science and entrepreneurship, and the extent to which it influences de…

Who is using AI to code? Global diffusion and impact of generative AI
Simone Daniotti, Johannes Wachs, Xiangnan Feng, Frank Neffke
https://arxiv.org/abs/2506.08945

Who is using AI to code? Global diffusion and impact of generative AI
Generative coding tools promise big productivity gains, but uneven uptake could widen skill and income gaps. We train a neural classifier to spot AI-generated Python functions in 80 million GitHub commits (2018-2024) by 200,000 developers and track how fast--and where--these tools take hold. By December 2024, AI wrote an estimated 30.1% of Python functions from U.S. contributors, versus 24.3% in Germany, 23.2% in France, 21.6% in India, 15.4% in Russia and 11.7% in China. Newer GitHub users use…

ASTRA: Autonomous Spatial-Temporal Red-teaming for AI Software Assistants
Xiangzhe Xu, Guangyu Shen, Zian Su, Siyuan Cheng, Hanxi Guo, Lu Yan, Xuan Chen, Jiasheng Jiang, Xiaolong Jin, Chengpeng Wang, Zhuo Zhang, Xiangyu Zhang
https://arxiv.org/abs/2508.03936

ASTRA: Autonomous Spatial-Temporal Red-teaming for AI Software Assistants
AI coding assistants like GitHub Copilot are rapidly transforming software development, but their safety remains deeply uncertain-especially in high-stakes domains like cybersecurity. Current red-teaming tools often rely on fixed benchmarks or unrealistic prompts, missing many real-world vulnerabilities. We present ASTRA, an automated agent system designed to systematically uncover safety flaws in AI-driven code generation and security guidance systems. ASTRA works in three stages: (1) it build…

MCNP-GO: A python package for assembling MCNP input files with a systems engineering approach
Alexandre Friou
https://arxiv.org/abs/2507.05659 https://

MCNP-GO: A python package for assembling MCNP input files with a systems engineering approach
This article introduces MCNP-GO (https://github.com/afriou/mcnpgo), a Python package designed to manipulate and assemble MCNP input files, allowing users to assemble a set of independent objects, each described by a valid MCNP file, into a single cohesive file. This tool is particularly useful for applications where precise modeling and positioning of equipment are crucial. The package addresses the challenges of managing large databases of MCNP input files, ensuring reliability and traceabilit…

Building Bigraphs of the real world
Kang Rong Roy Ang
https://arxiv.org/abs/2508.00003 https://arxiv.org/pdf/2508.00003

Building Bigraphs of the real world
This report proposes a formal specification for organising all buildings, streets and administrative areas in the world into a hierarchical space-partitioning tree using data from OpenStreetMap. This hierarchical structure is encoded into a bigraph, serving as a digital twin of the world and capturing complete street connectivity. It presents a tool implemented in OCaml (source code at https://github.com/royangkr/bigraph-of-the-world ) that constructs bigraphs for regions from any part of the w…

I'm not surprised that Gitlab decided to run off a cliff to follow GitHub:
«AI coding bot allows prompt injection with a pull request»
Everyday I'm more grateful for @… and @…!
https://pivot-to-ai.com/2025/05/24/ai-coding-bot-allows-prompt-injection-with-a-pull-request/

KnowIt: Deep Time Series Modeling and Interpretation
M. W. Theunissen, R. Rabe, M. H. Davel
https://arxiv.org/abs/2507.06009 https://…

KnowIt: Deep Time Series Modeling and Interpretation
KnowIt (Knowledge discovery in time series data) is a flexible framework for building deep time series models and interpreting them. It is implemented as a Python toolkit, with source code and documentation available from https://must-deep-learning.github.io/KnowIt. It imposes minimal assumptions about task specifications and decouples the definition of dataset, deep neural network architecture, and interpretability technique through well defined interfaces. This ensures the ease of importing n…

On the synchronization between Hugging Face pre-trained language models and their upstream GitHub repository
Ajibode Adekunle, Abdul Ali Bangash, Bram Adams, Ahmed E. Hassan
https://arxiv.org/abs/2508.10157

On the synchronization between Hugging Face pre-trained language models and their upstream GitHub repository
Pretrained language models (PTLMs) have advanced natural language processing (NLP), enabling progress in tasks like text generation and translation. Like software package management, PTLMs are trained using code and environment scripts in upstream repositories (e.g., GitHub, GH) and distributed as variants via downstream platforms like Hugging Face (HF). Coordinating development between GH and HF poses challenges such as misaligned release timelines, inconsistent versioning, and limited reuse o…

Rxiv-Maker: An Automated Template Engine for Streamlined Scientific Publications
Bruno M. Saraiva, Guillaume Jaquemet, Ricardo Henriques
https://arxiv.org/abs/2508.00836 https:/…

Rxiv-Maker: An Automated Template Engine for Streamlined Scientific Publications
Scientific publishing increasingly relies on preprint servers for rapid dissemination, yet researchers often struggle with manuscript preparation and quality control. Here we present Rxiv-Maker, a GitHub-native framework that converts markdown content to publication-ready PDFs through automated LaTeX processing. The system addresses reproducibility challenges in computational biology and imaging research by treating manuscripts as executable outputs rather than static documents. Rxiv-Maker inte…

A GPU Code for Finding Microlensing Critical Curves and Caustics
Luke Weisenbach
https://arxiv.org/abs/2506.02121 https://arxiv.org/p…

A GPU Code for Finding Microlensing Critical Curves and Caustics
Advancements in analyses of caustic crossing events in gravitationally microlensed quasars and supernovae can benefit from numerical simulations which locate the caustics in conjunction with the creation of magnification maps. We present a GPU code which efficiently solves this problem; the code is available at https://github.com/weisluke/microlensing/. We discuss how the locations of the microcaustics can be used to determine the number of caustic crossings and the distances to caustics, both …

Nosey: Open-source hardware for acoustic nasalance
Maya Dewhurst, Jack Collins, Justin J. H. Lo, Roy Alderton, Sam Kirkham
https://arxiv.org/abs/2505.23339

Nosey: Open-source hardware for acoustic nasalance
We introduce Nosey (Nasalance Open Source Estimation sYstem), a low-cost, customizable, 3D-printed system for recording acoustic nasalance data that we have made available as open-source hardware (http://github.com/phoneticslab/nosey). We first outline the motivations and design principles behind our hardware nasalance system, and then present a comparison between Nosey and a commercial nasalance device. Nosey shows consistently higher nasalance scores than the commercial device, but the magnit…

Sorrel: A simple and flexible framework for multi-agent reinforcement learning
Rebekah A. Gelp\'i, Yibing Ju, Ethan C. Jackson, Yikai Tang, Shon Verch, Claas Voelcker, William A. Cunningham
https://arxiv.org/abs/2506.00228

Sorrel: A simple and flexible framework for multi-agent reinforcement learning
We introduce Sorrel (https://github.com/social-ai-uoft/sorrel), a simple Python interface for generating and testing new multi-agent reinforcement learning environments. This interface places a high degree of emphasis on simplicity and accessibility, and uses a more psychologically intuitive structure for the basic agent-environment loop, making it a useful tool for social scientists to investigate how learning and social interaction leads to the development and change of group dynamics. In thi…

Understanding the Issue Types in Open Source Blockchain-based Software Projects with the Transformer-based BERTopic
Md Nahidul Islam Opu, Md Shahidul Islam, Sara Rouhani, Shaiful Chowdhury
https://arxiv.org/abs/2506.11451

Understanding the Issue Types in Open Source Blockchain-based Software Projects with the Transformer-based BERTopic
Blockchain-based software systems are increasingly deployed across diverse domains, yet a systematic understanding of their development challenges remains limited. This paper presents a large-scale empirical study of 497,742 issues mined from 1,209 open-source blockchain projects hosted on GitHub. Employing BERTopic, a transformer-based topic modeling technique, we identify 49 distinct issue topics and organize them hierarchically into 11 major subcategories. Our analysis reveals that both gene…

Prospective Learning in Retrospect
Yuxin Bai, Cecelia Shuai, Ashwin De Silva, Siyu Yu, Pratik Chaudhari, Joshua T. Vogelstein
https://arxiv.org/abs/2507.07965 https://arxiv.org/pdf/2507.07965 https://arxiv.org/html/2507.07965
arXiv:2507.07965v1 Announce Type: new
Abstract: In most real-world applications of artificial intelligence, the distributions of the data and the goals of the learners tend to change over time. The Probably Approximately Correct (PAC) learning framework, which underpins most machine learning algorithms, fails to account for dynamic data distributions and evolving objectives, often resulting in suboptimal performance. Prospective learning is a recently introduced mathematical framework that overcomes some of these limitations. We build on this framework to present preliminary results that improve the algorithm and numerical results, and extend prospective learning to sequential decision-making scenarios, specifically foraging. Code is available at: https://github.com/neurodata/prolearn2.
toXiv_bot_toot

I'm not surprised that Gitlab decided to run off a cliff to follow GitHub:
«AI coding bot allows prompt injection with a pull request»
Everyday I'm more grateful for @… and @…!
https://pivot-to-ai.com/2025/05/24/ai-coding-bot-allows-prompt-injection-with-a-pull-request/

LadyBug: A GitHub Bot for UI-Enhanced Bug Localization in Mobile Apps
Junayed Mahmud, James Chen, Terry Achille, Camilo Alvarez-Velez, Darren Dean Bansil, Patrick Ijieh, Samar Karanch, Nadeeshan De Silva, Oscar Chaparro, Andrian Marcus, Kevin Moran
https://arxiv.org/abs/2508.05085

LadyBug: A GitHub Bot for UI-Enhanced Bug Localization in Mobile Apps
This paper introduces LadyBug, a GitHub bot that automatically localizes bugs for Android apps by combining UI interaction information with text retrieval. LadyBug connects to an Android app's GitHub repository, and is triggered when a bug is reported in the corresponding issue tracker. Developers can then record a reproduction trace for the bug on a device or emulator and upload the trace to LadyBug via the GitHub issue tracker. This enables LadyBug to utilize both the text from the original b…

Divide and Conquer: A Large-Scale Dataset and Model for Left-Right Breast MRI Segmentation
Maximilian Rokuss, Benjamin Hamm, Yannick Kirchhoff, Klaus Maier-Hein
https://arxiv.org/abs/2507.13830

Divide and Conquer: A Large-Scale Dataset and Model for Left-Right Breast MRI Segmentation
We introduce the first publicly available breast MRI dataset with explicit left and right breast segmentation labels, encompassing more than 13,000 annotated cases. Alongside this dataset, we provide a robust deep-learning model trained for left-right breast segmentation. This work addresses a critical gap in breast MRI analysis and offers a valuable resource for the development of advanced tools in women's health. The dataset and trained model are publicly available at: www.github.com/MIC-DKFZ…

Not One to Rule Them All: Mining Meaningful Code Review Orders From GitHub
Abir Bouraffa, Carolin Brandt, Andy Zaidmann, Walid Maalej
https://arxiv.org/abs/2506.10654

Not One to Rule Them All: Mining Meaningful Code Review Orders From GitHub
Developers use tools such as GitHub pull requests to review code, discuss proposed changes, and request modifications. While changed files are commonly presented in alphabetical order, this does not necessarily coincide with the reviewer's preferred navigation sequence. This study investigates the different navigation orders developers follow while commenting on changes submitted in pull requests. We mined code review comments from 23,241 pull requests in 100 popular Java and Python repositorie…

This https://arxiv.org/abs/2505.01892 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csLG_…

OODTE: A Differential Testing Engine for the ONNX Optimizer
With over 700 stars on GitHub and being part of the official ONNX repository, the ONNX Optimizer is the default tool for applying graph-based optimizations to ONNX models. Despite its widespread use, its ability to maintain model accuracy during optimization has not been thoroughly investigated. In this work, we present OODTE, a utility designed to automatically and comprehensively evaluate the correctness of the ONNX Optimizer. OODTE adopts a straightforward yet powerful differential testing a…

The Effects of GitHub Copilot on Computing Students' Programming Effectiveness, Efficiency, and Processes in Brownfield Programming Tasks
Md Istiak Hossain Shihab, Christopher Hundhausen, Ahsun Tariq, Summit Haque, Yunhan Qiao, Brian Mulanda
https://arxiv.org/abs/2506.10051

The Effects of GitHub Copilot on Computing Students' Programming Effectiveness, Efficiency, and Processes in Brownfield Programming Tasks
When graduates of computing degree programs enter the software industry, they will most likely join teams working on legacy code bases developed by people other than themselves. In these so-called brownfield software development settings, generative artificial intelligence (GenAI) coding assistants like GitHub Copilot are rapidly transforming software development practices, yet the impact of GenAI on student programmers performing brownfield development tasks remains underexplored. This paper i…

XtalOpt Version 14: Variable-Composition Crystal Structure Search for Functional Materials Through Pareto Optimization
Samad Hajinazar, Eva Zurek
https://arxiv.org/abs/2506.17246 …

XtalOpt Version 14: Variable-Composition Crystal Structure Search for Functional Materials Through Pareto Optimization
Version 14 of XtalOpt, evolutionary multi-objective global optimization algorithm for crystal structure prediction, is now available for download from its official website https://xtalopt.github.io. The new version of the code is designed to perform ground state search for novel crystal structures with variable composition by integrating a suite of ab initio methods alongside classical and machine-learning potentials for structural relaxation. The multi-objective search framework has been furth…

An Empirical Study on Virtual Reality Software Security Weaknesses
Yifan Xu, Jinfu Chen, Zhenyu Qi, Huashan Chen, Junyi Wang, Pengfei Hu, Feng Liu, Sen He
https://arxiv.org/abs/2507.17324

An Empirical Study on Virtual Reality Software Security Weaknesses
Virtual Reality (VR) has emerged as a transformative technology across industries, yet its security weaknesses, including vulnerabilities, are underinvestigated. This study investigates 334 VR projects hosted on GitHub, examining 1,681 software security weaknesses to understand: what types of weaknesses are prevalent in VR software; {\em when} and {\em how} weaknesses are introduced; how long they have survived; and how they have been removed. Due to the limited availability of VR software secu…

SWE-Factory: Your Automated Factory for Issue Resolution Training Data and Evaluation Benchmarks
Lianghong Guo, Yanlin Wang, Caihua Li, Pengyu Yang, Jiachi Chen, Wei Tao, Yingtian Zou, Duyu Tang, Zibin Zheng
https://arxiv.org/abs/2506.10954

SWE-Factory: Your Automated Factory for Issue Resolution Training Data and Evaluation Benchmarks
Constructing large-scale datasets for the GitHub issue resolution task is crucial for both training and evaluating the software engineering capabilities of Large Language Models (LLMs). However, the traditional process for creating such benchmarks is notoriously challenging and labor-intensive, particularly in the stages of setting up evaluation environments, grading test outcomes, and validating task instances. In this paper, we propose SWE-Factory, an automated pipeline designed to address th…

This https://arxiv.org/abs/2312.17294 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csSE_…

Enhancing Open-Domain Task-Solving Capability of LLMs via Autonomous Tool Integration from GitHub
Large Language Models (LLMs) excel in traditional natural language processing tasks but struggle with problems that require complex domain-specific calculations or simulations. While equipping LLMs with external tools to build LLM-based agents can enhance their capabilities, existing approaches lack the flexibility to address diverse and ever-evolving user queries in open domains. Currently, there is also no existing dataset that evaluates LLMs on open-domain knowledge that requires tools to so…

A Human Centric Requirements Engineering Framework for Assessing Github Copilot Output
Soroush Heydari
https://arxiv.org/abs/2508.03922 https://arxiv.org/p…

A Human Centric Requirements Engineering Framework for Assessing Github Copilot Output
The rapid adoption of Artificial Intelligence(AI) programming assistants such as GitHub Copilot introduces new challenges in how these software tools address human needs. Many existing evaluation frameworks address technical aspects such as code correctness and efficiency, but often overlook crucial human factors that affect the successful integration of AI assistants in software development workflows. In this study, I analyzed GitHub Copilot's interaction with users through its chat interface,…

Refactoring-Aware Patch Integration Across Structurally Divergent Java Forks
Daniel Ogenrwot, John Businge
https://arxiv.org/abs/2508.06718 https://arxiv.o…

Refactoring-Aware Patch Integration Across Structurally Divergent Java Forks
While most forks on platforms like GitHub are short-lived and used for social collaboration, a smaller but impactful subset evolve into long-lived forks, referred to here as variants, that maintain independent development trajectories. Integrating bug-fix patches across such divergent variants poses challenges due to structural drift, including refactorings that rename, relocate, or reorganize code elements and obscure semantic correspondence. This paper presents an empirical study of patch int…

UTBoost: Rigorous Evaluation of Coding Agents on SWE-Bench
Boxi Yu, Yuxuan Zhu, Pinjia He, Daniel Kang
https://arxiv.org/abs/2506.09289 https://

UTBoost: Rigorous Evaluation of Coding Agents on SWE-Bench
The advent of Large Language Models (LLMs) has spurred the development of coding agents for real-world code generation. As a widely used benchmark for evaluating the code generation capabilities of these agents, SWE-Bench uses real-world problems based on GitHub issues and their corresponding pull requests. However, the manually written test cases included in these pull requests are often insufficient, allowing generated patches to pass the tests without resolving the underlying issue. To addre…

Replaced article(s) found for cs.SE. https://arxiv.org/list/cs.SE/new/
[1/1]:
Enhancing Open-Domain Task-Solving Capability of LLMs via Autonomous Tool Integration from GitHub

GitHub Marketplace: Driving Automation and Fostering Innovation in Software Development
SK. Golam Saroar, Waseefa Ahmed, Elmira Onagh, Maleknaz Nayebi
https://arxiv.org/abs/2508.01489

GitHub Marketplace: Driving Automation and Fostering Innovation in Software Development
GitHub, a central hub for collaborative software development, has revolutionized the open-source software (OSS) ecosystem through its GitHub Marketplace, a platform launched in 2017 to host automation tools aimed at enhancing the efficiency and scalability of software projects. As the adoption of automation in OSS production grows, understanding the trends, characteristics, and underlying dynamics of this marketplace has become vital. Furthermore, despite the rich repository of academic researc…

Issue Tracking Ecosystems: Context and Best Practices
Lloyd Montgomery
https://arxiv.org/abs/2507.06704 https://arxiv.org/pdf/2507.06…

Issue Tracking Ecosystems: Context and Best Practices
Issue Tracking Systems (ITSs), such as GitHub and Jira, are popular tools that support Software Engineering (SE) organisations through the management of ``issues'', which represent different SE artefacts such as requirements, development tasks, and maintenance items. ITSs also support internal linking between issues, and external linking to other tools and information sources. This provides SE organisations key forms of documentation, including forwards and backwards traceability (e.g., Feature…

Enhancing Software Supply Chain Security Through STRIDE-Based Threat Modelling of CI/CD Pipelines
Sowmiya Dhandapani
https://arxiv.org/abs/2506.06478 https…

Enhancing Software Supply Chain Security Through STRIDE-Based Threat Modelling of CI/CD Pipelines
With the increasing adoption of Continuous Integration and Continuous Deployment pipelines, securing software supply chains has become a critical challenge for modern DevOps teams. This study addresses these challenges by applying a structured threat modeling approach to identify and mitigate risks throughout the CI/CD lifecycle. By modeling a representative pipeline architecture incorporating tools such as GitHub, Jenkins, Docker, and Kubernetes and applying the STRIDE framework, we systematic…

Classifying Issues in Open-source GitHub Repositories
Amir Hossain Raaj, Fairuz Nawer Meem, Sadia Afrin Mim
https://arxiv.org/abs/2507.18982 https://arxiv.…

Classifying Issues in Open-source GitHub Repositories
GitHub is the most widely used platform for software maintenance in the open-source community. Developers report issues on GitHub from time to time while facing difficulties. Having labels on those issues can help developers easily address those issues with prior knowledge of labels. However, most of the GitHub repositories do not maintain regular labeling for the issues. The goal of this work is to classify issues in the open-source community using ML \& DNN models. There are thousands of open…

Large Language Models Versus Static Code Analysis Tools: A Systematic Benchmark for Vulnerability Detection
Damian Gnieciak, Tomasz Szandala
https://arxiv.org/abs/2508.04448 htt…

Large Language Models Versus Static Code Analysis Tools: A Systematic Benchmark for Vulnerability Detection
Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six automated approaches: three industry-standard rule-based static code-analysis tools (SonarQube, CodeQL and Snyk Code) and three state-of-the-art large language models hosted on the GitHub Models platform (GPT-4.1, Mistral Large and DeepSeek V3). Using a curated s…

What Makes ChatGPT Effective for Software Issue Resolution? An Empirical Study of Developer-ChatGPT Conversations in GitHub
Ramtin Ehsani, Sakshi Pathak, Esteban Parra, Sonia Haiduc, Preetha Chatterjee
https://arxiv.org/abs/2506.22390

What Makes ChatGPT Effective for Software Issue Resolution? An Empirical Study of Developer-ChatGPT Conversations in GitHub
Conversational large-language models are extensively used for issue resolution tasks. However, not all developer-LLM conversations are useful for effective issue resolution. In this paper, we analyze 686 developer-ChatGPT conversations shared within GitHub issue threads to identify characteristics that make these conversations effective for issue resolution. First, we analyze the conversations and their corresponding issues to distinguish helpful from unhelpful conversations. We begin by catego…

Beyond Binary Moderation: Identifying Fine-Grained Sexist and Misogynistic Behavior on GitHub with Large Language Models
Tanni Dev, Sayma Sultana, Amiangshu Bosu
https://arxiv.org/abs/2507.20358

Beyond Binary Moderation: Identifying Fine-Grained Sexist and Misogynistic Behavior on GitHub with Large Language Models
Background: Sexist and misogynistic behavior significantly hinders inclusion in technical communities like GitHub, causing developers, especially minorities, to leave due to subtle biases and microaggressions. Current moderation tools primarily rely on keyword filtering or binary classifiers, limiting their ability to detect nuanced harm effectively. Aims: This study introduces a fine-grained, multi-class classification framework that leverages instruction-tuned Large Language Models (LLMs) t…

An Empirical Study of Complexity, Heterogeneity, and Compliance of GitHub Actions Workflows
Edward Abrokwah, Taher A. Ghaleb
https://arxiv.org/abs/2507.18062 https://

An Empirical Study of Complexity, Heterogeneity, and Compliance of GitHub Actions Workflows
Continuous Integration (CI) has evolved from a tooling strategy to a fundamental mindset in modern CI engineering. It enables teams to develop, test, and deliver software rapidly and collaboratively. Among CI services, GitHub Actions (GHA) has emerged as a dominant service due to its deep integration with GitHub and a vast ecosystem of reusable workflow actions. Although GHA provides official documentation and community-supported best practices, there appears to be limited empirical understandi…

Can LLMs Write CI? A Study on Automatic Generation of GitHub Actions Configurations
Taher A. Ghaleb, Dulina Rathnayake
https://arxiv.org/abs/2507.17165 htt…

Can LLMs Write CI? A Study on Automatic Generation of GitHub Actions Configurations
Continuous Integration (CI) services, such as GitHub Actions, require developers to write YAML-based configurations, which can be tedious and error-prone. Despite the increasing use of Large Language Models (LLMs) to automate software engineering tasks, their ability to generate CI configurations remains underexplored. This paper presents a preliminary study evaluating six LLMs for generating GitHub Actions configurations from natural language descriptions. We assess three general-purpose found…

Context-Aware Code Wiring Recommendation with LLM-based Agent
Taiming Wang, Yanjie Jiang, Chunhao Dong, Yuxia Zhang, Hui Liu
https://arxiv.org/abs/2507.01315

Context-Aware Code Wiring Recommendation with LLM-based Agent
Copy-paste-modify is a widespread and pragmatic practice in software development, where developers adapt reused code snippets, sourced from platforms such as Stack Overflow, GitHub, or LLM outputs, into their local codebase. A critical yet underexplored aspect of this adaptation is code wiring, which involves substituting unresolved variables in the pasted code with suitable ones from the surrounding context. Existing solutions either rely on heuristic rules or historical templates, often faili…

Encouraging Students' Responsible Use of GenAI in Software Engineering Education: A Causal Model and Two Institutional Applications
Vahid Garousi, Zafar Jafarov, Aytan Movsumova, Atif Namazov, Huseyn Mirzayev
https://arxiv.org/abs/2506.00682

Encouraging Students' Responsible Use of GenAI in Software Engineering Education: A Causal Model and Two Institutional Applications
Context: As generative AI (GenAI) tools such as ChatGPT and GitHub Copilot become pervasive in education, concerns are rising about students using them to complete rather than learn from coursework-risking overreliance, reduced critical thinking, and long-term skill deficits. Objective: This paper proposes and empirically applies a causal model to help educators scaffold responsible GenAI use in Software Engineering (SE) education. The model identifies how professor actions, student factors, …

Echoes of AI: Investigating the Downstream Effects of AI Assistants on Software Maintainability
Markus Borg, Dave Hewett, Nadim Hagatulah, Noric Couderc, Emma S\"oderberg, Donald Graham, Uttam Kini, Dave Farley
https://arxiv.org/abs/2507.00788

Echoes of AI: Investigating the Downstream Effects of AI Assistants on Software Maintainability
[Context] AI assistants, like GitHub Copilot and Cursor, are transforming software engineering. While several studies highlight productivity improvements, their impact on maintainability requires further investigation. [Objective] This study investigates whether co-development with AI assistants affects software maintainability, specifically how easily other developers can evolve the resulting source code. [Method] We conducted a two-phase controlled experiment involving 151 participants, 95% o…

From First Use to Final Commit: Studying the Evolution of Multi-CI Service Adoption
Nitika Chopra, Taher A. Ghaleb
https://arxiv.org/abs/2507.20095 https://

From First Use to Final Commit: Studying the Evolution of Multi-CI Service Adoption
Continuous Integration (CI) services, such as GitHub Actions and Travis CI, are widely adopted in open-source development to automate testing and deployment. Though existing research often examines individual services in isolation, it remains unclear how projects adopt and transition between multiple services over time. To understand how CI adoption is evolving across services, we present a preliminary study analyzing the historical CI adoption of 18,924 Java projects hosted on GitHub between J…

Extension Decisions in Open Source Software Ecosystem
Elmira Onagh, Maleknaz Nayebi
https://arxiv.org/abs/2507.23168 https://arxiv.org/pdf/2507.23168

Extension Decisions in Open Source Software Ecosystem
GitHub Marketplace is expanding by approximately 41% annually, with new tools; however, many additions replicate existing functionality. We study this phenomenon in the platform's largest segment, Continuous Integration (CI), by linking 6,983 CI Actions to 3,869 providers and mining their version histories. Our graph model timestamps every functionality's debut, tracks its adoption, and clusters redundant tools. We find that approximately 65% of new CI Actions replicate existing capabilities, t…

QLPro: Automated Code Vulnerability Discovery via LLM and Static Code Analysis Integration
Junze Hu, Xiangyu Jin, Yizhe Zeng, Yuling Liu, Yunpeng Li, Dan Du, Kaiyu Xie, Hongsong Zhu
https://arxiv.org/abs/2506.23644

QLPro: Automated Code Vulnerability Discovery via LLM and Static Code Analysis Integration
We introduce QLPro, a vulnerability detection framework that systematically integrates LLMs and static analysis tools to enable comprehensive vulnerability detection across entire open-source projects.We constructed a new dataset, JavaTest, comprising 10 open-source projects from GitHub with 62 confirmed vulnerabilities. CodeQL, a state-of-the-art static analysis tool, detected only 24 of these vulnerabilities while QLPro detected 41. Furthermore, QLPro discovered 6 previously unknown vulnerabi…

From Release to Adoption: Challenges in Reusing Pre-trained AI Models for Downstream Developers
Peerachai Banyongrakkul, Mansooreh Zahedi, Patanamon Thongtanunam, Christoph Treude, Haoyu Gao
https://arxiv.org/abs/2506.23234

From Release to Adoption: Challenges in Reusing Pre-trained AI Models for Downstream Developers
Pre-trained models (PTMs) have gained widespread popularity and achieved remarkable success across various fields, driven by their groundbreaking performance and easy accessibility through hosting providers. However, the challenges faced by downstream developers in reusing PTMs in software systems are less explored. To bridge this knowledge gap, we qualitatively created and analyzed a dataset of 840 PTM-related issue reports from 31 OSS GitHub projects. We systematically developed a comprehensi…

Ethical Classification of Non-Coding Contributions in Open-Source Projects via Large Language Models
Sergio Cobos, Javier Luis C\'anovas Izquierdo
https://arxiv.org/abs/2507.21583

Ethical Classification of Non-Coding Contributions in Open-Source Projects via Large Language Models
The development of Open-Source Software (OSS) is not only a technical challenge, but also a social one due to the diverse mixture of contributors. To this aim, social-coding platforms, such as GitHub, provide the infrastructure needed to host and develop the code, but also the support for enabling the community's collaboration, which is driven by non-coding contributions, such as issues (i.e., change proposals or bug reports) or comments to existing contributions. As with any other social endea…

CIgrate: Automating CI Service Migration with Large Language Models
Md Nazmul Hossain, Taher A. Ghaleb
https://arxiv.org/abs/2507.20402 https://arxiv.org/p…

CIgrate: Automating CI Service Migration with Large Language Models
Continuous Integration (CI) configurations often need to be migrated between services (e.g., Travis CI to GitHub Actions) as projects evolve, due to changes in service capabilities, usage limits, or service deprecation. Previous studies reported that migration across CI services is a recurring need in open-source development. However, manual migration can be time-consuming and error-prone. The state-of-the-art approach, CIMig, addresses this challenge by analyzing past migration examples to cre…

MemoCoder: Automated Function Synthesis using LLM-Supported Agents
Yiping Jia, Zhen Ming Jiang, Shayan Noei, Ying Zou
https://arxiv.org/abs/2507.18812 https://

MemoCoder: Automated Function Synthesis using LLM-Supported Agents
With the widespread adoption of Large Language Models (LLMs) such as GitHub Copilot and ChatGPT, developers increasingly rely on AI-assisted tools to support code generation. While LLMs can generate syntactically correct solutions for well-structured programming tasks, they often struggle with challenges that require iterative debugging, error handling, or adaptation to diverse problem structures. Existing approaches such as fine-tuning or self-repair strategies either require costly retraining…

How Software Engineers Engage with AI: A Pragmatic Process Model and Decision Framework Grounded in Industry Observations
Vahid Garousi, Zafar Jafarov
https://arxiv.org/abs/2507.17930

How Software Engineers Engage with AI: A Pragmatic Process Model and Decision Framework Grounded in Industry Observations
Artificial Intelligence (AI) has the potential to transform Software Engineering (SE) by enhancing productivity, efficiency, and decision support. Tools like GitHub Copilot and ChatGPT have given rise to "vibe coding"-an exploratory, prompt-driven development style. Yet, how software engineers engage with these tools in daily tasks, especially in deciding whether to trust, refine, or reject AI-generated outputs, remains underexplored. This paper presents two complementary contributions. First, …

Seeing is Fixing: Cross-Modal Reasoning with Multimodal LLMs for Visual Software Issue Fixing
Kai Huang, Jian Zhang, Xiaofei Xie, Chunyang Chen
https://arxiv.org/abs/2506.16136

Seeing is Fixing: Cross-Modal Reasoning with Multimodal LLMs for Visual Software Issue Fixing
Large language model-(LLM) based automated program repair (APR) techniques have shown promising results in resolving real-world GitHub issue tasks. Existing APR systems are primarily evaluated in unimodal settings (e.g., SWE-bench). However, these autonomous systems struggle to resolve multimodal problem scenarios (e.g., SWE-bench M) due to limitations in interpreting and leveraging visual information. In multimodal scenarios, LLMs need to rely on visual information in the graphical user interf…

VulGuard: An Unified Tool for Evaluating Just-In-Time Vulnerability Prediction Models
Duong Nguyen, Manh Tran-Duc, Thanh Le-Cong, Triet Huynh Minh Le, M. Ali Babar, Quyet-Thang Huynh
https://arxiv.org/abs/2507.16685

VulGuard: An Unified Tool for Evaluating Just-In-Time Vulnerability Prediction Models
We present VulGuard, an automated tool designed to streamline the extraction, processing, and analysis of commits from GitHub repositories for Just-In-Time vulnerability prediction (JIT-VP) research. VulGuard automatically mines commit histories, extracts fine-grained code changes, commit messages, and software engineering metrics, and formats them for downstream analysis. In addition, it integrates several state-of-the-art vulnerability prediction models, allowing researchers to train, evaluat…

Toward Inclusive AI-Driven Development: Exploring Gender Differences in Code Generation Tool Interactions
Manaal Basha, Ivan Beschastnikh, Gema Rodriguez-Perez, Cleidson R. B. de Souza
https://arxiv.org/abs/2507.14770

Toward Inclusive AI-Driven Development: Exploring Gender Differences in Code Generation Tool Interactions
Context: The increasing reliance on Code Generation Tools (CGTs), such as Windsurf and GitHub Copilot, are revamping programming workflows and raising critical questions about fairness and inclusivity. While CGTs offer potential productivity enhancements, their effectiveness across diverse user groups have not been sufficiently investigated. Objectives: We hypothesize that developers' interactions with CGTs vary based on gender, influencing task outcomes and cognitive load, as prior research su…

The Rise of AI Teammates in Software Engineering (SE) 3.0: How Autonomous Coding Agents Are Reshaping Software Engineering
Hao Li, Haoxiang Zhang, Ahmed E. Hassan
https://arxiv.org/abs/2507.15003

The Rise of AI Teammates in Software Engineering (SE) 3.0: How Autonomous Coding Agents Are Reshaping Software Engineering
The future of software engineering--SE 3.0--is unfolding with the rise of AI teammates: autonomous, goal-driven systems collaborating with human developers. Among these, autonomous coding agents are especially transformative, now actively initiating, reviewing, and evolving code at scale. This paper introduces AIDev, the first large-scale dataset capturing how such agents operate in the wild. Spanning over 456,000 pull requests by five leading agents--OpenAI Codex, Devin, GitHub Copilot, Cursor…