Correlation Between GitHub Stars and Code Vulnerabilities
DOI: https://doi.org/10.56979/401/2022/111
Keywords: GitHub, C, Vulnerabilities, Static Code Analyzer
Abstract
In the software industry, open-source repositories are widely used to speed up software development. GitHub is a major source of open-source repositories and lets users star a code repository; stars represent appreciation and popularity. Studies have revealed that repositories may be of lower quality and may contain vulnerabilities that attackers can exploit. It is not known whether the popularity of a GitHub repository, measured in stars, says anything about the security of its code. This paper analyzed the correlation between the stars of GitHub code repositories and the vulnerabilities in their code using a static code analyzer. The study examined the vulnerabilities in ten popular C++ source repositories on GitHub and discovered 3487 vulnerabilities in the dataset, which were split into four categories based on severity. Not a single repository in the dataset was free of flaws. On the detected vulnerabilities, a Kruskal-Wallis H test reveals a significant difference between the code repositories of the dataset. A Spearman's rank correlation test found no correlation between repositories' stars and the frequency of vulnerabilities, implying that a high star count on GitHub does not imply security integrity. Overall, the findings suggest that code repositories should be thoroughly evaluated before being used in software development. The novelty of this paper lies in the new knowledge developed as well as in the study pattern, which may be applied to other investigations.
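To make the study pattern concrete, here is an added example (not code from the paper or its authors) of the correlation step described in the abstract: Spearman's rank correlation between a repository's star count and the number of findings a static analyzer reported for it. The repository names, star counts and vulnerability counts are constructed for illustration, not the paper's dataset; the ranking handles ties with average ranks so it also works when two repositories have the same count.

```python
"""Added example, not from the paper: Spearman's rank correlation between
repository star counts and static-analyzer findings. All data is constructed."""
from math import sqrt

# Constructed sample: (repository label, GitHub stars, vulnerabilities reported)
# The labels and numbers are made up to illustrate the method only.
SAMPLE_REPOS = [
    ("repo-A", 52000, 410),
    ("repo-B", 31000, 120),
    ("repo-C", 27500, 610),
    ("repo-D", 18000, 95),
    ("repo-E", 15200, 330),
    ("repo-F", 9800, 440),
    ("repo-G", 7400, 60),
    ("repo-H", 6100, 280),
    ("repo-I", 4300, 510),
    ("repo-J", 2900, 215),
]


def average_ranks(values):
    """Rank values 1..n (ascending); tied values share the mean of their positions."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        # extend j over the run of equal values starting at position i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        mean_rank = (i + j + 2) / 2.0  # positions i..j are 0-based, ranks 1-based
        for k in range(i, j + 1):
            ranks[order[k]] = mean_rank
        i = j + 1
    return ranks


def pearson(xs, ys):
    """Pearson correlation coefficient of two equally sized series."""
    n = len(xs)
    mx = sum(xs) / n
    my = sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        raise ValueError("a constant series has no defined correlation")
    return cov / sqrt(vx * vy)


def spearman_rho(xs, ys):
    """Spearman's rho: Pearson correlation computed on the (tie-aware) ranks."""
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("need two series of equal length >= 2")
    return pearson(average_ranks(xs), average_ranks(ys))


def stars_vs_vulnerabilities(repos=SAMPLE_REPOS):
    """Correlate star counts with vulnerability counts across the repositories."""
    stars = [r[1] for r in repos]
    vulns = [r[2] for r in repos]
    return spearman_rho(stars, vulns)


if __name__ == "__main__":
    rho = stars_vs_vulnerabilities()
    print(f"Spearman rho (stars vs vulnerabilities): {rho:+.3f}")
```

On the constructed sample the coefficient comes out near zero (about +0.07), which is the kind of result the abstract reports: the most-starred repositories are not systematically the ones with the fewest findings. A coefficient alone says nothing about significance; with only ten repositories a p-value for rho (for example from scipy.stats.spearmanr) is needed before drawing a conclusion, and static-analyzer counts should be normalized for code size before comparing repositories of very different sizes.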
License
This is an open access article published by the Research Center of Computing & Biomedical Informatics (RCBI), Lahore, Pakistan, under the CC BY 4.0 International License.