CHAINS research project at KTH Royal Institute of Technology

"Consistent Hardening and Analysis of Software Supply Chains" at KTH, funded by SSF

Pinned Repositories

breaking-good
make breaking updates look good 👗 https://arxiv.org/abs/2407.03880
Language:Java5 1 22
bump
A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
Language:Java15 5 406
chains-project.github.io
The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
8 7 04
dirty-waters
automatically detect software supply chain smells and issues
Language:Python12 3 281
ghasum
Checksums for GitHub Actions.
Language:Go3 3 180
GoSurf
Static analyzer to find locations to hide malicious code in Go
Language:HTML4 6 41
maven-lockfile
Lockfiles for Maven. Pin your dependencies. Build with integrity.
Language:Java36 4 559
SBOM-2023
Experimental Data about Java SBOMs https://arxiv.org/pdf/2303.11102.pdf
Language:Jupyter Notebook6 5 33
sbom-files
Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
Language:Python6 5 41
sbom.exe
calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
Language:Java7 2 470

chains-project/ethereum-ssc
Open science data of "The Multibillion Dollar Software Supply Chain of Ethereum", IEEE Computer, 2022 http://arxiv.org/pdf/2202.07029
Language:Java3 4 00
chains-project/cdis-poster
A KTH CDIS poster template based on beamerposter, fork of kth-poster
Language:TeX0 0 00
chains-project/OSSRH-87984
Proving ownership for Sonatype
0 5 00
chains-project/VSOBFS
verifiable source-only bootstrap from scratch to a Posix-like OS and a C99 compiler (copy of tor website)
Language:Shell0 6 00
chains-project/frozen-sorald
Immutable fork to monitor changes in the SBOM producer behaviour
Language:Java0 0
chains-project/frozen-spoon
Immutable fork to monitor changes in the SBOM producer behaviour
Language:Java0 0