Publications

Publications by HASLab

2025

A Metamodel for Reengineering CI/CD Pipelines

Authors
Gião, HD; Amaral, V; Engels, G; Flores, A; Pereira, R; Sauer, S; Cunha, J;

Publication
MODELS

Abstract
In the realm of industrial software development, DevOps has emerged as the preferred approach for handling the highly iterative software production process. DevOps refers to the tight integration of development and operations activities, with Continuous Integration, Continuous Delivery, and Continuous Deployment (CI/CD) being pivotal methodologies for ensuring the iterative delivery of high-quality software. To achieve CI/CD, pipelines of activities are deployed using commercial tools. Due to the dynamic nature of these tools, CI/CD pipelines are often migrated to new versions or even new tools. Since this is mostly a manual process, it is a cumbersome and error-prone activity. To assist software engineers during this process, we propose a novel approach that leverages model-driven engineering (MDE) to support the migration of CI/CD pipelines. Our approach is inspired by the traditional reengineering horseshoe model, which abstracts existing pipeline artifacts into a comprehensive model as an intermediate representation. From these models, we can then generate semantic-equivalent pipelines for any novel CI/CD tool. Thus, our main contribution comprises a metamodel designed to represent the structure of existing CI/CD pipelines and build the foundation for MDE-based migration of CI/CD pipelines. We validated our metamodel by successfully modeling 400 existing pipelines. This evaluation demonstrated a 100% applicability rate when applied to configuration files from technologies that collectively account for over 92% of CI/CD scripts in use. Furthermore, we conducted a detailed case study demonstrating the practical applicability of our approach in real-world migration scenarios. Finally, we demonstrate that our metamodel promotes equivalence between an original pipeline and a new one generated from it in a different technology by showing through test cases that the execution traces of both pipelines are identical.

2025

A Block-Based Language for CI/CD Authoring

Authors
Gião, HD; Pereira, R; Cunha, J;

Publication
VL/HCC

Abstract
Continuous Integration and Deployment (CI/CD) pipelines are essential for modern software delivery, yet configuring them remains a challenge due to the complexity of text-based formats like YAML. These configurations are error-prone and require substantial expertise, posing a barrier to novices. In this paper, we introduce PipeBlocks, a block-based CI/CD tool featuring a graphical interface for visually constructing pipelines through modular, drag-and-drop blocks. PipeBlocks seamlessly integrates with GitHub Actions, allowing users to design, validate, and execute pipelines entirely within the tool while maintaining full compatibility with existing YAML workflows. A key innovation is the ability to trigger and monitor pipeline runs directly in PipeBlocks, eliminating context-switching. We evaluated PipeBlocks through a controlled study with 10 participants configuring identical pipelines (build, test, deploy) using both PipeBlocks and YAML editing in GitHub Actions. Using the System Usability Scale (SUS) and NASA-TLX benchmarks, we found that PipeBlocks achieved a statistically significantly higher usability score and a lower cognitive load. The results suggest that block-based approaches can effectively lower CI/CD's learning curve while maintaining functional completeness, making them particularly valuable for academic settings and early-career developers building CI/CD competencies.

2025

PipeBlocks: A Block-based Environment for CI/CD

Authors
Gião, HD; Pereira, R; Cunha, J;

Publication
VL/HCC

Abstract
Continuous Integration and Deployment (CI/CD) pipelines are essential for modern software delivery, yet configuring them remains a challenge due to the complexity of text-based formats like YAML. These configurations are error-prone and require substantial expertise, posing a barrier especially to novices. In this paper, we introduce PipeBlocks, a block-based CI/CD tool featuring a graphical interface for visually constructing pipelines through modular, drag-and-drop blocks. PipeBlocks seamlessly integrates with GitHub Actions, allowing users to design, validate, and execute pipelines entirely within the tool while maintaining full compatibility with existing YAML workflows. A key innovation is the ability to trigger and monitor pipeline runs directly in PipeBlocks, eliminating context-switching.

2025

SciConv: A Conversational Tool for Reproducibility

Authors
Costa, L; Barbosa, S; Cunha, J;

Publication
VL/HCC

Abstract
Computational reproducibility remains a critical yet unresolved issue across scientific disciplines, often hindered by complex configuration requirements and technical barriers. We present SciConv, a novel conversational tool designed to assist researchers in creating and executing reproducible computational experiments using natural language. By leveraging large language models (LLMs), SciConv automates the detection of dependencies and programming languages, and packages experiments into portable artifacts with minimal manual input. Unlike traditional platforms based on graphical user interfaces (e.g., web-based), SciConv features a chat-based interface that guides researchers interactively through the reproducibility workflow. This paper introduces the architecture, design principles, and interaction model of SciConv, and discusses its potential to lower the technical barriers to reproducibility.

2025

Assessing the information security posture of online public services worldwide: Technical insights, trends, and policy implications?

Authors
Ribeiro, D; Fonte, V; Ramos, LF; Silva, M;

Publication
GOVERNMENT INFORMATION QUARTERLY

Abstract
The fast global expansion of online public services has transformed how governments interact with citizens, offering convenience and efficiency. However, this digital transformation also introduces significant security risks, as sensitive data exchanged between users and service providers over public networks are exposed to cyber threats. Thus, ensuring the security and trustworthiness of these services is critical to the success of Electronic Government (EGOV) initiatives. This study evaluates the information security posture of 3068 public service platforms across all 193 UN Member States through non-intrusive assessments conducted in 2023 and 2024. The evaluation focuses on three key dimensions: (i) the adoption of secure end-to-end communication protocols, (ii) the trustworthiness of digital certificate chains, and (iii) the exposure of hosting servers to known vulnerabilities. The findings reveal that while some progress has been made in securing online public services, substantial gaps remain in the implementation of international security standards and best practices. Many platforms continue to rely on outdated cryptographic protocols, misconfigured certificates, and unpatched vulnerabilities, leaving citizens and services vulnerable to cyber threats due to weaknesses that malicious actors can easily and inconspicuously identify. These insights emphasize the need for effective implementation of more comprehensive cybersecurity policies, proactive security assessments, and improved regulatory compliance checks. Additionally, this work provides actionable guidance for governments and system administrators to enhance the security of EGOV infrastructures by addressing persistent vulnerabilities and adopting robust cybersecurity practices.

2025

oCANada: A Generation-Based Fuzzer for ECUs over CAN

Authors
Santos, T; Grümer, P; Parsamehr, R; Pacheco, H;

Publication
2025 IEEE VEHICULAR NETWORKING CONFERENCE, VNC

Abstract
Electronic Control Units are embedded devices that control various critical features of an automobile. Consequently, it is crucial to develop tools that enable penetration testers to identify security vulnerabilities within these ECUs as efficiently as possible. Fuzzing, a widely-used technique, can help uncover vulnerabilities in various types of applications. Fuzzing can then be applied to test ECUs through their communication protocols, the most common being the Controller Area Network (CAN). We present oCANada, a generation-based fuzzer which can be utilized in order to craft CAN messages for fuzzing. Many existing CAN fuzzers rely on simple mutation-based fuzzing, which involves randomly changing bits in the CAN payload. This paper introduces a novel generation-based fuzzing approach that leverages CAN database files (DBCs) in order to craft syntactically correct messages. oCANada also incorporates State-of-the-Art CAN reverse engineering techniques in order to enable syntax-aware fuzzing even when DBCs are not available. Additionally, this paper discusses test oracle techniques employed for fuzzing ECUs over CAN in both greybox and blackbox environments. Finally, we present our results from running the tool, for which we used two CANoe simulations, a Gateway ECU, and a modified version of the instrument cluster simulator ICSim. In these results, we also compare our fuzzer to the well-known CaringCaribou fuzzer.
