Industrial applications nowadays heavily integrate open-source software libraries. Beyond the benefits that libraries bring, they can also pose a real threat when a library is affected by a vulnerability but its community is not active in creating a fixing release. Therefore, I want to introduce an automatic monitoring approach for industrial applications that identifies open-source dependencies showing negative signs regarding their current or future maintenance activities. Since most research in this field is limited by a lack of features, labels, and transitive links, and is therefore not applicable in industry, my approach aims to close this gap by capturing the impact of direct and transitive dependencies in terms of their maintenance activities. Automatically monitoring the maintenance activities of dependencies reduces the manual effort of application maintainers and supports application security by keeping dependencies continuously well-maintained.
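As an added illustration (not the paper's approach or code), the following script shows the core idea of tracing maintenance signals through direct and transitive dependencies so that a poorly maintained library deep in the tree is attributed to the direct dependency that pulls it in; the dependency graph, signal values and staleness thresholds are constructed assumptions.

```python
from datetime import date

# Constructed sample input (not data from the paper): each package lists its direct
# dependencies; "app" is the industrial application whose dependencies are monitored.
DEPS = {
    "app": ["web", "json-util"], "web": ["http-core", "logging"],
    "http-core": ["tls-lib"], "json-util": [], "logging": [], "tls-lib": [],
}
# Constructed maintenance signals per library (also not from the paper):
# (last release date, commits in the last 90 days, share of issues answered by a maintainer)
SIGNALS = {
    "web": (date(2024, 3, 1), 40, 0.9),
    "json-util": (date(2022, 1, 10), 0, 0.2),
    "http-core": (date(2024, 2, 15), 25, 0.8),
    "logging": (date(2023, 12, 1), 5, 0.6),
    "tls-lib": (date(2021, 6, 30), 1, 0.1),
}
TODAY = date(2024, 4, 1)  # fixed reference date so the run is reproducible


def is_stale(pkg, today=TODAY, max_age_days=365, min_commits=3, min_response=0.5):
    """Flag a library when all three signals point to inactive maintenance.
    The thresholds are illustrative assumptions, not values from the paper."""
    last_release, commits, response = SIGNALS[pkg]
    too_old = (today - last_release).days > max_age_days
    return too_old and commits < min_commits and response < min_response


def stale_paths(root, deps=DEPS):
    """Walk the transitive dependency tree of `root` and return every path that ends
    in a stale library, so the maintainer sees which direct dependency pulls it in."""
    found = []

    def walk(pkg, path):
        for child in deps.get(pkg, []):
            if child in path:  # guard against dependency cycles
                continue
            child_path = path + [child]
            if is_stale(child):
                found.append(child_path)
            walk(child, child_path)  # a stale library can itself have stale dependencies

    walk(root, [root])
    return found


def risk_by_direct_dep(root, deps=DEPS):
    """Group stale transitive libraries under the direct dependency that imports them."""
    impact = {}
    for path in stale_paths(root, deps):
        impact.setdefault(path[1], []).append(path[-1])
    return impact
```

In the constructed data, `tls-lib` is only reached through `web` and `http-core`, so the report attributes that transitive risk to the direct dependency `web`, which is the information an application maintainer needs to act on.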