CHAINS research project at KTH Royal Institute of Technology

All

59 repositories

flink
Public
Perpetual automerge for Apache Flink
Java
•
Apache License 2.0
•14k•0•1•25•Updated Sep 21, 2025Sep 21, 2025
besu
Public
Perpetual automerge for Besu
Java
•
Apache License 2.0
•964•0•1•97•Updated Sep 21, 2025Sep 21, 2025
sbom-files
Public
Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
Python
•1•6•1•2•Updated Sep 21, 2025Sep 21, 2025
maven-lockfile
Public
Lockfiles for Maven. Pin your dependencies. Build with integrity.
Java
•
MIT License
•12•46•17•5•Updated Sep 21, 2025Sep 21, 2025
sbom.exe
Public
calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
Java
•
MIT License
•1•8•7•4•Updated Sep 21, 2025Sep 21, 2025
ghasum
Public
Checksums for GitHub Actions.
checksums lockfile gha
Go
•
Apache License 2.0
•1•15•12•0•Updated Sep 20, 2025Sep 20, 2025
dirty-waters
Public
automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
Python
•
MIT License
•4•17•28•9•Updated Sep 19, 2025Sep 19, 2025
dirty-waters-action
Public
Break the build if your supply chain is dirty
MIT License
•0•1•6•2•Updated Sep 18, 2025Sep 18, 2025
bombom
Public
grassroot bill of materials for linux
Python
•0•0•0•0•Updated Sep 17, 2025Sep 17, 2025
deps.dev_stats
Public
longitudinal study of package registry growth
Python
•0•1•0•0•Updated Sep 17, 2025Sep 17, 2025
swag
Public
software supply chain art
Java
•1•2•1•11•Updated Sep 13, 2025Sep 13, 2025
chains-project.github.io
Public
The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
HTML
•
MIT License
•9•8•0•0•Updated Sep 10, 2025Sep 10, 2025
spoon
Public
Perpetual automerge with CI for Spoon
Java
•
Other
•364•0•1•10•Updated Sep 8, 2025Sep 8, 2025
reproducible-central
Public
Reproducible Central: rebuild instructions for artifacts published to (Maven) Central Repository
Java
•57•0•16•0•Updated Sep 8, 2025Sep 8, 2025
btc-supply-chain
Public
Securing the Bitcoin software supply chain with an immutable database of SHA256
supply-chain bitcoin
Python
•1•1•1•2•Updated Sep 5, 2025Sep 5, 2025
bacardi
Public
fix breaking dependency updates 🛠️
Java
•
MIT License
•2•3•6•0•Updated Sep 5, 2025Sep 5, 2025
bump
Public
A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
java dependency-analysis
Java
•
MIT License
•8•20•4•10•Updated Sep 4, 2025Sep 4, 2025
theo
Public
Mapping runtime access privileges to third-party dependencies
Java
•
MIT License
•0•0•0•0•Updated Sep 1, 2025Sep 1, 2025
DDC4j
Public
Diverse double compiling for Java. Bachelor thesis Elias and Eskil.
Shell
•
MIT License
•0•0•0•0•Updated Aug 27, 2025Aug 27, 2025
diffonomy
Public
diffoscope report analysis tool
Python
•
MIT License
•0•0•0•0•Updated Aug 22, 2025Aug 22, 2025
breaking-updates-cache
Public
Side data repo for breaking updates
Java
•2•0•0•0•Updated Aug 21, 2025Aug 21, 2025
zkSBOM
Public
zero knowledge SBOMs (thesis Tom Sorger)
Rust
•
MIT License
•0•2•0•0•Updated Aug 20, 2025Aug 20, 2025
chains-rebuild
Public
Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
Go
•
Apache License 2.0
•34•0•0•0•Updated Aug 15, 2025Aug 15, 2025
semanticanary
Public
Detect semantic changes in dependency updates using dynamic analysis
Java
•
MIT License
•0•2•0•0•Updated Aug 14, 2025Aug 14, 2025
goleash
Public
Runtime enforcement of software supply chain capabilities in Go
C
•0•18•1•0•Updated Jul 30, 2025Jul 30, 2025
maven-module-graph
Public
Listing and Counting Maven (sub)modules.
Java
•0•1•1•1•Updated Jul 24, 2025Jul 24, 2025
classport
Public
Passports for Java class files
Java
•
MIT License
•1•2•16•0•Updated Jul 14, 2025Jul 14, 2025
classport-experiments
Public
Experiments related to the Classport projects
Java
•0•0•0•0•Updated Jul 7, 2025Jul 7, 2025
exploits-for-sbom.exe
Public
that's the sound of sbom.exe
Java
•0•0•0•0•Updated Jul 4, 2025Jul 4, 2025
ddc4cd
Public
DDC for CI/CD master thesis Ludvig
Shell
•0•1•3•0•Updated Jul 2, 2025Jul 2, 2025