CHAINS research project at KTH Royal Institute of Technology

All

46 repositories

sbom-files
Public
Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
Python
•1•6•1•2•Updated Feb 8, 2025Feb 8, 2025
deps.dev_stats
Public
longitudinal study of package registry growth
Python
•0•1•0•0•Updated Feb 8, 2025Feb 8, 2025
flink
Public
Perpetual automerge for Apache Flink
Java
•
Apache License 2.0
•14k•0•1•25•Updated Feb 8, 2025Feb 8, 2025
besu
Public
Perpetual automerge for Besu
Java
•
Apache License 2.0
•881•0•1•98•Updated Feb 7, 2025Feb 7, 2025
maven-lockfile
Public
Lockfiles for Maven. Pin your dependencies. Build with integrity.
Java
•
MIT License
•8•37•12•8•Updated Feb 7, 2025Feb 7, 2025
DDC4j
Public
diverse double compiling for Java. Bachelor thesis Elias.
Shell
•
MIT License
•0•0•0•0•Updated Feb 7, 2025Feb 7, 2025
ghasum
Public
Checksums for GitHub Actions.
checksums lockfile gha
Go
•
Apache License 2.0
•0•3•10•0•Updated Feb 7, 2025Feb 7, 2025
crystal-clear
Public
understanding the smart contract supply chain
Jupyter Notebook
•
MIT License
•0•2•24•0•Updated Feb 7, 2025Feb 7, 2025
ddc
Public
DDC for CI/CD master thesis Ludvig
C
•0•0•0•0•Updated Feb 7, 2025Feb 7, 2025
dirty-waters-action
Public
Break the build if your supply chain is dirty
MIT License
•0•0•2•1•Updated Feb 6, 2025Feb 6, 2025
chains-project.github.io
Public
The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
MIT License
•4•8•0•0•Updated Feb 6, 2025Feb 6, 2025
dirty-waters
Public
automatically detect software supply chain smells and issues
Python
•
MIT License
•1•12•11•1•Updated Feb 4, 2025Feb 4, 2025
bump
Public
A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
java dependency-analysis
Java
•
MIT License
•6•17•4•3•Updated Jan 31, 2025Jan 31, 2025
swag
Public
software supply chain art
Java
•0•0•1•11•Updated Jan 31, 2025Jan 31, 2025
sbom.exe
Public
calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
Java
•
MIT License
•0•7•7•0•Updated Jan 30, 2025Jan 30, 2025
exploits-for-sbom.exe
Public
that's the sound of sbom.exe
Java
•0•0•0•0•Updated Jan 30, 2025Jan 30, 2025
classport
Public
Passports for Java class files
Java
•
MIT License
•0•0•15•1•Updated Jan 30, 2025Jan 30, 2025
spoon
Public
Perpetual automerge with CI for Spoon
Java
•
Other
•358•0•1•10•Updated Jan 26, 2025Jan 26, 2025
sbom-mc
Public
Java
•
Apache License 2.0
•4•0•0•0•Updated Jan 24, 2025Jan 24, 2025
verifiable-client-diversity
Public
A few more cents per minority client
0•2•5•0•Updated Jan 23, 2025Jan 23, 2025
breaking-good
Public template
make breaking updates look good 👗 https://arxiv.org/abs/2407.03880
Java
•
MIT License
•2•5•0•0•Updated Jan 19, 2025Jan 19, 2025
goleash
Public
Runtime enforcement of software supply chain capabilities in Go
C
•0•0•1•0•Updated Jan 13, 2025Jan 13, 2025
maven-module-graph
Public
Listing and Counting Maven (sub)modules.
Java
•0•1•0•0•Updated Jan 7, 2025Jan 7, 2025
coredns
Public
CoreDNS is a DNS server that chains plugins
Go
•
Apache License 2.0
•2.2k•0•0•0•Updated Jan 2, 2025Jan 2, 2025
bumper
Public
Fixing Breaking Dependency Updates With Large Language Models
Jupyter Notebook
•
MIT License
•0•2•0•0•Updated Nov 26, 2024Nov 26, 2024
geth-rebuild
Public
A verifiable rebuilder for geth
Go
•0•2•5•0•Updated Nov 12, 2024Nov 12, 2024
by-the-pool
Public
finding differences by the constant pool
Java
•0•0•3•1•Updated Oct 27, 2024Oct 27, 2024
by-the-pool-dataset
Public
0•0•0•0•Updated Oct 8, 2024Oct 8, 2024
GoSurf
Public
Static analyzer to find locations to hide malicious code in Go
HTML
•1•4•4•1•Updated Oct 3, 2024Oct 3, 2024
theo
Public
Mapping runtime access privileges to third-party dependencies
Java
•
MIT License
•0•0•0•0•Updated Sep 14, 2024Sep 14, 2024