CHAINS research project at KTH Royal Institute of Technology

All

58 repositories

maven-lockfile
Public
Lockfiles for Maven. Pin your dependencies. Build with integrity.
Java
•
MIT License
•12•44•16•5•Updated Aug 9, 2025Aug 9, 2025
flink
Public
Perpetual automerge for Apache Flink
Java
•
Apache License 2.0
•14k•0•1•26•Updated Aug 9, 2025Aug 9, 2025
sbom-files
Public
Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
Python
•1•6•1•2•Updated Aug 9, 2025Aug 9, 2025
besu
Public
Perpetual automerge for Besu
Java
•
Apache License 2.0
•953•0•1•97•Updated Aug 8, 2025Aug 8, 2025
ghasum
Public
Checksums for GitHub Actions.
checksums lockfile gha
Go
•
Apache License 2.0
•1•13•15•3•Updated Aug 8, 2025Aug 8, 2025
sbom.exe
Public
calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
Java
•
MIT License
•1•7•7•3•Updated Aug 7, 2025Aug 7, 2025
dirty-waters
Public
automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
Python
•
MIT License
•4•17•28•6•Updated Aug 7, 2025Aug 7, 2025
bacardi
Public
fix breaking dependency updates 🛠️
Java
•
MIT License
•2•3•6•0•Updated Aug 6, 2025Aug 6, 2025
theo
Public
Mapping runtime access privileges to third-party dependencies
Java
•
MIT License
•0•0•0•0•Updated Aug 4, 2025Aug 4, 2025
diffoscope-analyzer
Public
Python
•
MIT License
•0•0•0•0•Updated Aug 4, 2025Aug 4, 2025
goleash
Public
Runtime enforcement of software supply chain capabilities in Go
C
•0•17•1•0•Updated Jul 30, 2025Jul 30, 2025
bump
Public
A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
java dependency-analysis
Java
•
MIT License
•8•20•4•9•Updated Jul 29, 2025Jul 29, 2025
reproducible-central
Public
Reproducible Central: rebuild instructions for artifacts published to (Maven) Central Repository
Java
•57•0•16•0•Updated Jul 28, 2025Jul 28, 2025
dirty-waters-action
Public
Break the build if your supply chain is dirty
MIT License
•0•1•5•2•Updated Jul 28, 2025Jul 28, 2025
maven-module-graph
Public
Listing and Counting Maven (sub)modules.
Java
•0•1•1•1•Updated Jul 24, 2025Jul 24, 2025
breaking-updates-cache
Public
Side data repo for breaking updates
Java
•2•0•0•0•Updated Jul 24, 2025Jul 24, 2025
chains-project.github.io
Public
The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
MIT License
•9•8•0•0•Updated Jul 23, 2025Jul 23, 2025
zkSBOM
Public
zero knowledge SBOMs (thesis Tom Sorger)
Rust
•
MIT License
•0•2•0•0•Updated Jul 15, 2025Jul 15, 2025
classport
Public
Passports for Java class files
Java
•
MIT License
•1•2•16•0•Updated Jul 14, 2025Jul 14, 2025
spoon
Public
Perpetual automerge with CI for Spoon
Java
•
Other
•361•0•1•10•Updated Jul 9, 2025Jul 9, 2025
classport-experiments
Public
Experiments related to the Classport projects
Java
•0•0•0•0•Updated Jul 7, 2025Jul 7, 2025
exploits-for-sbom.exe
Public
that's the sound of sbom.exe
Java
•0•0•0•0•Updated Jul 4, 2025Jul 4, 2025
ddc4cd
Public
DDC for CI/CD master thesis Ludvig
Shell
•0•1•3•0•Updated Jul 2, 2025Jul 2, 2025
class-hijack-poc
Public
Java-Class-Hijack: Software Supply Chain Attack for Java based on Maven Dependency Resolution and Java Classloading
java supply-chain-security
Java
•1•1•0•0•Updated Jul 2, 2025Jul 2, 2025
dirty-waters-utils
Public
Scripts used to retrieve data and acquire results for dirty-waters
Jupyter Notebook
•0•0•0•0•Updated Jun 29, 2025Jun 29, 2025
tcc-hardened
Public
Hardened releases of the tcc C compiler through Diverse Double-Compiling
0•1•2•0•Updated Jun 11, 2025Jun 11, 2025
deps.dev_stats
Public
longitudinal study of package registry growth
Python
•0•1•0•0•Updated Jun 11, 2025Jun 11, 2025
swag
Public
software supply chain art
Java
•1•2•1•11•Updated May 31, 2025May 31, 2025
verifiable-client-diversity
Public
A few more cents per minority client
0•3•5•0•Updated May 22, 2025May 22, 2025
chains-rebuild
Public
Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
Go
•
Apache License 2.0
•32•0•0•0•Updated May 22, 2025May 22, 2025