Current focus
Empirical studies on dependency graphs, SBOM enrichment, and code origin detection.
- GitHub dependency graph accuracy
- Software Bills of Materials and repository mining
- LLM-generated code provenance and licensing
PhD Student • Software Engineering • AI & Supply Chain Research
Researching how software dependencies and AI-generated code behave in the real world.
I am Daniele Bifolco, a PhD student in Information Technologies for Engineering at the University of Sannio. My work sits at the intersection of software repositories, dependency intelligence, code provenance, and empirical software engineering.
6
Selected publications listed
3
Core research threads
2026
Active committee service
Affiliation
University of Sannio
Based in
Benevento, Italy
About
Academic profile with a human layer.
I earned my Bachelor's Degree in Computer Engineering from the University of Salerno in 2020 and my Master's Degree in Computer Science in 2023. Since then, I have been building a research path around software engineering, repository mining, and AI-assisted development.
My work is grounded in empirical methods: I like taking widely used developer tools and platforms, measuring how they behave in practice, and understanding where the gaps are. That includes dependency metadata accuracy, SBOM generation quality, and how large language models relate generated code to existing public code.
Outside research, I care about music, travel, consumer tech, and the kinds of side interests that keep technical work creative.
Music, travel, and technology culture.
Personal note
Mina makes occasional appearances.
Research
Three areas that define the current research direction.
Dependency intelligence
Studying the accuracy, limitations, and implications of dependency metadata in platforms such as GitHub.
SBOM enrichment
Mining software repositories to produce richer and more dependable software bills of materials.
AI code provenance
Investigating whether code generated by LLMs can be linked back to likely origins, repositories, and licenses.
Publications
Publications
Showing 6 publications
An empirical study on the accuracy of GitHub's dependency graph and the nature of its inaccuracy
Information and Software Technology (IST)
Do LLMs provide links to code similar to what they generate? A Study with Gemini and Bing CoPilot
22nd IEEE/ACM International Conference on Mining Software Repositories (MSR)
CodeGenLink: A Tool to Find the Likely Origin and License of Automatically Generated Code
Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025)
ALOHA: A (IBoM) tooL generatOr for Hugging fAce
Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering (EASE)
On the Accuracy of GitHub's Dependency Graph
Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering (EASE)
MSR4SBOM: Mining Software Repositories for Enhanced Software Bills of Materials
18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)
No publications match the current filters.
Try clearing the search field or switching the year filter.
Service
Academic service and committee work.
ICSME 2026
Program Committee member for the Tool Demo and Data Showcase Track, and Web Chair in the Organizing Committee.
ACQUIRE 2026
Program Committee member for the 1st International Workshop on AI Code Quality, Integrity & Reliability.
TOSEM & A-SPPI 2025
Reviewer for ACM Transactions on Software Engineering and Methodology and Program Committee member for A-SPPI 2025.
