CHAINS research project at KTH Royal Institute of Technology
"Consistent Hardening and Analysis of Software Supply Chains" at KTH, funded by SSF
Pinned Repositories
breaking-good: make breaking updates look good 👗 https://arxiv.org/abs/2407.03880
bump: A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
chains-project.github.io: The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
dirty-waters: automatically detect software supply chain smells and issues
ghasum: Checksums for GitHub Actions.
GoSurf: Static analyzer to find locations to hide malicious code in Go
maven-lockfile: Lockfiles for Maven. Pin your dependencies. Build with integrity.
SBOM-2023: Experimental Data about Java SBOMs https://arxiv.org/pdf/2303.11102.pdf
sbom-files: Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
sbom.exe: calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
CHAINS research project at KTH Royal Institute of Technology's Repositories
chains-project/maven-lockfile: Lockfiles for Maven. Pin your dependencies. Build with integrity.
chains-project/bump: A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
chains-project/dirty-waters: automatically detect software supply chain smells and issues
chains-project/chains-project.github.io: The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
chains-project/sbom.exe: calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
chains-project/sbom-files: Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
chains-project/breaking-good: make breaking updates look good 👗 https://arxiv.org/abs/2407.03880
chains-project/GoSurf: Static analyzer to find locations to hide malicious code in Go
chains-project/ghasum: Checksums for GitHub Actions.
chains-project/bumper: Fixing Breaking Dependency Updates With Large Language Models
chains-project/scsc: smart contract supply chain
chains-project/verifiable-client-diversity: A few more cents per minority client
chains-project/btc-supply-chain: Securing the Bitcoin software supply chain with an immutable database of SHA256
chains-project/geth-rebuild: A verifiable rebuilder for geth
chains-project/besu: Perpetual automerge for Besu
chains-project/breaking-updates-cache: Side data repo for breaking updates
chains-project/classport: Passports for Java class files
chains-project/flink: Perpetual automerge for Apache Flink
chains-project/spoon: Perpetual automerge with CI for Spoon
chains-project/swag: software supply chain art
chains-project/breaking-good-user-study
chains-project/by-the-pool: finding differences by the constant pool
chains-project/by-the-pool-dataset
chains-project/coredns: CoreDNS is a DNS server that chains plugins
chains-project/DDC4j
chains-project/deps.dev_stats: longitudinal study of package registry growth
chains-project/exploits-for-sbom.exe: that's the sound of sbom.exe
chains-project/goleash: Runtime enforcement of software supply chain capabilities in Go
chains-project/log4shell-poc: executable log4shell attack
chains-project/theo: Mapping runtime access privileges to third-party dependencies