Title
SwiftDependencyChecker: Detecting Vulnerable Dependencies Declared Through CocoaPods, Carthage and Swift PM
Abstract
Vulnerable versions of third-party libraries can remain a threat even after a security fix has been published. Developers are hesitant to update dependencies and could unknowingly depend on an outdated, vulnerable library version. We developed SwiftDependencyChecker to make data from public vulnerability databases more accessible to Swift developers. SwiftDependencyChecker analyses dependencies declared through CocoaPods, Carthage and Swift PM, queries the NVD database, and shows warnings in Xcode for vulnerable library versions that are in use. Preliminary evaluation of the tool showed that the vulnerability analysis is effective. General feedback from independent developers was encouraging, with some improvement potential on performance for the initial analysis of a project.
Year
2022
DOI
10.1145/3524613.3527806
Venue
2022 IEEE/ACM 9th International Conference on Mobile Software Engineering and Systems (MobileSoft)
Keywords
iOS, third party dependencies, package manager, security analysis, IDE integration
DocType
Conference
ISBN
978-1-6654-9018-4
Citations
0
PageRank
0.34
References
3
Authors
2
Name               Order  Citations  PageRank
Kristiina Rahkema  1      2          1.84
Dietmar Pfahl      2      0          1.35