Abstract: GitHub Actions, a popular CI/CD platform, introduces significant security challenges due to its integration with GitHub’s open ecosystem and its use of flexible workflow configurations. This paper presents Sher, a Python-based tool that enhances the security of GitHub Actions by automating the detection and remediation of security issues in workflows. Self-Hosted Ephemeral Runner, or Sher, acts as a broker between GitHub’s APIs and a customizable, isolated environment, analyzing workflows through a static rules engine and automatically fixing identified issues. By providing a secure, ephemeral runner environment and a dynamic analysis tool, Sher addresses common misconfigurations and vulnerabilities, contributing to the resilience and integrity of DevSecOps practices within software development pipelines.
Funding: Funded by the Earthquake Engineering Research Centers Program of the National Science Foundation (NSF), under grant number EEC-9701471, through the Multidisciplinary Center for Earthquake Engineering Research (MCEER).
Abstract: This paper deals with surface wave propagation (WP) effects on buried segmented pipelines. Both simplified analytical model and finite element (FE) model are developed for estimating the axial joint pullout movement of jointed concrete cylinder pipelines (JCCPs) of which the joints have a brittle tensile failure mode under the surface WP effects. The models account for the effects of peak ground velocity (PGV), WP velocity, predominant period of seismic excitation, shear transfer between soil and pipelines, axial stiffness of pipelines, joint characteristics, and cracking strain of concrete mortar. FE simulation of the JCCP interaction with surface waves recorded during the 1985 Michoacan earthquake results in joint pullout movement, which is consistent with the field observations. The models are expanded to estimate the joint axial pullout movement of cast iron (CI) pipelines of which the joints have a ductile tensile failure mode. Simplified analytical equation and FE model are developed for estimating the joint pullout movement of CI pipelines. The joint pullout movement of the CI pipelines is mainly affected by the variability of the joint tensile capacity and accumulates at local weak joints in the pipeline.
Funding: Project supported by the National Natural Science Foundation of China (Grant Nos. 11164014 and 11364025); the Gansu Science and Technology Pillar Program, China (Grant No. 1204GKCA057).
Abstract: Using the first-principles plane-wave calculations within density functional theory, the perfect bi-layer and monolayer terminated WZ-CIS (100)/WZ-CdS (100) interfaces are investigated. After relaxation the atomic positions and the bond lengths change slightly on the two interfaces. The WZ-CIS/WZ-CdS interfaces can exist stably, when the interface bonding energies are -0.481 J/m² (bi-layer terminated interface) and -0.677 J/m² (monolayer terminated interface). Via analysis of the density of states, difference charge density and Bader charges, no interface state is found near the Fermi level. The stronger adhesion of the monolayer terminated interface is attributed to more electron transformations and orbital hybridizations, promoting stable interfacial bonds between atoms than those on a bi-layer terminated interface.
Funding: Supported by the Fundamental Research Funds for the Central Universities (Grant No. 2018QNA31).
Abstract: Coal pillars are usually loaded under combined compression-shear stresses at underground coal mines. Their long-term stability is critical to the utilization of underground structures, such as underground reservoirs at coal mines. In this study, a modified rock property testing system was used to explore the mechanical properties of coal specimens under quasi-static combined compression-shear loading conditions. The acoustic emission technique was applied to investigating the microcrack fracturing of coal specimens at various inclination angles. The experimental results show that specimen inclination has remarkable effects on the microcrack initiation, microcrack damage and ultimate failure of the coal specimen. The failure mode of the coal specimen tends to transit from axial splitting to shear failure with increasing specimen inclination, and its peak strength is closely associated with the microcrack damage threshold. In practice, it is recommended to consider coal strength under combined compression-shear loading when using empirical pillar strength formulae so that the effect of pillar inclination can be included.
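Abstract: In recent years, OTT (Over the Top) desktops on smart TVs have become very popular, providing content category browsing, playback, search, operations, and recommendation functions. Driven by business needs, these functions continue to be upgraded and updated, which makes the software increasingly complex and creates development and maintenance challenges. An efficient development and operations (DevOps) system is an important guarantee for iterative software upgrades. Based on the application scenario of the OTT desktop and Amazon cloud-native resources, this paper studies and designs an efficient DevOps system, including the OTT desktop system framework, microservices, continuous integration and delivery, and a centralized logging system, and applies it to a commercial project.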