{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:KUX36GX7Q522MDR4DU6AICUTIF","short_pith_number":"pith:KUX36GX7","canonical_record":{"source":{"id":"1703.04277","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-03-13T07:38:16Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"2469162eb90648ec79ddd50d7e38937e7af50f59ecff846979a0299ae28cfa93","abstract_canon_sha256":"edaa9828ad8e2fcc4c8985c3ff4a618f6749d33c9c7a4bf008608d461a8e6025"},"schema_version":"1.0"},"canonical_sha256":"552fbf1aff8775a60e3c1d3c040a93414ee70020b5fab418b56d1f907f64e6b5","source":{"kind":"arxiv","id":"1703.04277","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1703.04277","created_at":"2026-05-18T00:48:49Z"},{"alias_kind":"arxiv_version","alias_value":"1703.04277v1","created_at":"2026-05-18T00:48:49Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1703.04277","created_at":"2026-05-18T00:48:49Z"},{"alias_kind":"pith_short_12","alias_value":"KUX36GX7Q522","created_at":"2026-05-18T12:31:28Z"},{"alias_kind":"pith_short_16","alias_value":"KUX36GX7Q522MDR4","created_at":"2026-05-18T12:31:28Z"},{"alias_kind":"pith_short_8","alias_value":"KUX36GX7","created_at":"2026-05-18T12:31:28Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:KUX36GX7Q522MDR4DU6AICUTIF","target":"record","payload":{"canonical_record":{"source":{"id":"1703.04277","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-03-13T07:38:16Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"2469162eb90648ec79ddd50d7e38937e7af50f59ecff846979a0299ae28cfa93","abstract_canon_sha256":"edaa9828ad8e2fcc4c8985c3ff4a618f6749d33c9c7a4bf008608d461a8e6025"},"schema_version":"1.0"},"canonical_sha256":"552fbf1aff8775a60e3c1d3c040a93414ee70020b5fab418b56d1f907f64e6b5","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:48:49.241656Z","signature_b64":"Le1FbuM5At0LUgV6S2oHNI9UXqvMIItSSzI4jE3tOlmh842PGMCm7/A315uNnVAISReQXKR0/q8Y9KRMkAu4DA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"552fbf1aff8775a60e3c1d3c040a93414ee70020b5fab418b56d1f907f64e6b5","last_reissued_at":"2026-05-18T00:48:49.241036Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:48:49.241036Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1703.04277","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:48:49Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"EauLzl3Tuh+tUps3ThA+ZwoRFqMQfZqDkAwXsUjq9gVKSkm5Z3ieT9BjwXi848I4TpsheF8745yqkebFi+tpCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T08:47:38.280715Z"},"content_sha256":"c7960979bb5c2bb35f262bbdbfeffe9233575c743e639097ce1483d87ae61020","schema_version":"1.0","event_id":"sha256:c7960979bb5c2bb35f262bbdbfeffe9233575c743e639097ce1483d87ae61020"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:KUX36GX7Q522MDR4DU6AICUTIF","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Security Support in Continuous Deployment Pipeline","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR"],"primary_cat":"cs.SE","authors_text":"Adam Johannes Raft, Faheem Ullah, Mansooreh Zahedi, Mojtaba Shahin, Muhammad Ali Babar","submitted_at":"2017-03-13T07:38:16Z","abstract_excerpt":"Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactic"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1703.04277","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:48:49Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Co8iViUKObYLAmAA3gIgGiSCNPVFEy1dI32gEJNIn9uzSsCiGLddLhy4yESBfzdQFDttkY5+Mi2Tn15DIJUoBg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T08:47:38.281645Z"},"content_sha256":"aa2c214bff9e60d381c97a1d5e5f3e9148743ca0a8eb3184a4ce803a0255c393","schema_version":"1.0","event_id":"sha256:aa2c214bff9e60d381c97a1d5e5f3e9148743ca0a8eb3184a4ce803a0255c393"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/KUX36GX7Q522MDR4DU6AICUTIF/bundle.json","state_url":"https://pith.science/pith/KUX36GX7Q522MDR4DU6AICUTIF/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/KUX36GX7Q522MDR4DU6AICUTIF/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-04T08:47:38Z","links":{"resolver":"https://pith.science/pith/KUX36GX7Q522MDR4DU6AICUTIF","bundle":"https://pith.science/pith/KUX36GX7Q522MDR4DU6AICUTIF/bundle.json","state":"https://pith.science/pith/KUX36GX7Q522MDR4DU6AICUTIF/state.json","well_known_bundle":"https://pith.science/.well-known/pith/KUX36GX7Q522MDR4DU6AICUTIF/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:KUX36GX7Q522MDR4DU6AICUTIF","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"edaa9828ad8e2fcc4c8985c3ff4a618f6749d33c9c7a4bf008608d461a8e6025","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-03-13T07:38:16Z","title_canon_sha256":"2469162eb90648ec79ddd50d7e38937e7af50f59ecff846979a0299ae28cfa93"},"schema_version":"1.0","source":{"id":"1703.04277","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1703.04277","created_at":"2026-05-18T00:48:49Z"},{"alias_kind":"arxiv_version","alias_value":"1703.04277v1","created_at":"2026-05-18T00:48:49Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1703.04277","created_at":"2026-05-18T00:48:49Z"},{"alias_kind":"pith_short_12","alias_value":"KUX36GX7Q522","created_at":"2026-05-18T12:31:28Z"},{"alias_kind":"pith_short_16","alias_value":"KUX36GX7Q522MDR4","created_at":"2026-05-18T12:31:28Z"},{"alias_kind":"pith_short_8","alias_value":"KUX36GX7","created_at":"2026-05-18T12:31:28Z"}],"graph_snapshots":[{"event_id":"sha256:aa2c214bff9e60d381c97a1d5e5f3e9148743ca0a8eb3184a4ce803a0255c393","target":"graph","created_at":"2026-05-18T00:48:49Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactic","authors_text":"Adam Johannes Raft, Faheem Ullah, Mansooreh Zahedi, Mojtaba Shahin, Muhammad Ali Babar","cross_cats":["cs.CR"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-03-13T07:38:16Z","title":"Security Support in Continuous Deployment Pipeline"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1703.04277","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:c7960979bb5c2bb35f262bbdbfeffe9233575c743e639097ce1483d87ae61020","target":"record","created_at":"2026-05-18T00:48:49Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"edaa9828ad8e2fcc4c8985c3ff4a618f6749d33c9c7a4bf008608d461a8e6025","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2017-03-13T07:38:16Z","title_canon_sha256":"2469162eb90648ec79ddd50d7e38937e7af50f59ecff846979a0299ae28cfa93"},"schema_version":"1.0","source":{"id":"1703.04277","kind":"arxiv","version":1}},"canonical_sha256":"552fbf1aff8775a60e3c1d3c040a93414ee70020b5fab418b56d1f907f64e6b5","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"552fbf1aff8775a60e3c1d3c040a93414ee70020b5fab418b56d1f907f64e6b5","first_computed_at":"2026-05-18T00:48:49.241036Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:48:49.241036Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Le1FbuM5At0LUgV6S2oHNI9UXqvMIItSSzI4jE3tOlmh842PGMCm7/A315uNnVAISReQXKR0/q8Y9KRMkAu4DA==","signature_status":"signed_v1","signed_at":"2026-05-18T00:48:49.241656Z","signed_message":"canonical_sha256_bytes"},"source_id":"1703.04277","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:c7960979bb5c2bb35f262bbdbfeffe9233575c743e639097ce1483d87ae61020","sha256:aa2c214bff9e60d381c97a1d5e5f3e9148743ca0a8eb3184a4ce803a0255c393"],"state_sha256":"8cb0e96df4b45505f89a4a4f57b2cd06e2f8f1e16587d5a59dbc81799166bfbd"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"13DsAbDeles9D68HdvTIDHOVh4ILKloACeKH0c90UpGPjNebh43PEw3y7nvf/7EJVaEo9SmbvbdOpUoAz941Dg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-04T08:47:38.284289Z","bundle_sha256":"5d21a88f724cbfc9d00d8b4e5d40552d6207fc3fb3e702baf3effe53d37706e3"}}