Exploring Confidence Challenges in Integrating Third-Party Binaries in a CICD Pipeline with Limited Transparency: A Case Study
2025 (English). Independent thesis Advanced level (degree of Master (One Year)), 12 credits / 18 HE credits
Student thesis
Abstract [en]
Background. CI/CD is widely adopted by agile organizations to support rapid iteration and high-quality releases through automation. However, integrating third-party binaries into CI/CD pipelines presents challenges, particularly when source code is not available. This limited visibility complicates verification and integration by restricting the ability to trace functionality, assess code quality, and identify potential risks. This thesis explores how confidence in the software system is influenced when integrating such closed-source third-party components into a larger software system.
Objectives. This research aims to identify key factors that build, indicate, and enhance confidence in integrating third-party binaries into a complex software system. It also provides recommendations to help organizations adapt CI/CD pipelines for reliable and continuous integration.
Methods. This research starts with a literature review to prepare for the case study. The case study involved data collection from document reviews, direct observation, and semi-structured interviews. Insights from document reviews and direct observation informed the design of the semi-structured interviews. A triangulation analysis was conducted to ensure consistency between interview data and findings from document reviews and observations. Finally, the research question was addressed through interview analysis, and the results were validated by interviewees via a questionnaire.
Results. Interview data highlighted acceptance testing, testing with production-representative hardware, and verifying supplier test reports as key factors for ensuring confidence in third-party binary quality. From a process perspective, fast automated supplier feedback and monitoring CI/CD pipeline metrics ranked highest. Integrating these factors, the study formulated eight key recommendations to help organizations manage third-party binaries effectively.
Conclusions. The recommendations focus on three key areas: Testing, Responsibility, and Monitoring & Visualization. This research advocates for systematic automated acceptance testing, which also serves as regression testing. It emphasizes the need for organizations to actively verify and validate third-party binaries beyond supplier validation. Additionally, it underscores the importance of enhancing monitoring and visualization to support data-driven decision-making, ensuring accurate assessment of confidence levels and integration readiness.
Place, publisher, year, edition, pages
2025. p. 86
Keywords [en]
Confidence level of third-party Software, CI/CD, Automotive Software, Automotive CI/CD, Integration of Third-party binaries
National Category
Other Engineering and Technologies
Identifiers
URN: urn:nbn:se:bth-28261
OAI: oai:DiVA.org:bth-28261
DiVA, id: diva2:1979934
External cooperation
Automotive company
Subject / course
PA2592 Research Methods and Master's Thesis (60 credits) in Software Engineering for Professionals
Educational program
PAASA Master's Programme in Software Engineering 60,0 hp
Supervisors
Examiners
2025-07-03 2025-07-01 2025-09-30 Bibliographically approved