CHAINS research project at KTH Royal Institute of Technology

All

41 repositories

sbom-files
Public
Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
Python
•1•6•1•2•Updated Nov 8, 2024Nov 8, 2024
deps.dev_stats
Public
longitudinal study of package registry growth
0•0•0•0•Updated Nov 8, 2024Nov 8, 2024
maven-lockfile
Public
Lockfiles for Maven. Pin your dependencies. Build with integrity.
Java
•
MIT License
•9•32•13•0•Updated Nov 8, 2024Nov 8, 2024
flink
Public
Perpetual automerge for Apache Flink
Java
•
Apache License 2.0
•13k•0•1•26•Updated Nov 8, 2024Nov 8, 2024
ghasum
Public
Checksums for GitHub Actions.
checksums lockfile gha
Go
•
Apache License 2.0
•0•2•9•1•Updated Nov 8, 2024Nov 8, 2024
dirty-waters
Public
automatically detect software supply chain smells and issues
Python
•
MIT License
•0•9•12•1•Updated Nov 7, 2024Nov 7, 2024
besu
Public
Perpetual automerge for Besu
Java
•
Apache License 2.0
•831•0•1•93•Updated Nov 7, 2024Nov 7, 2024
DDC4j
Public
MIT License
•0•0•0•0•Updated Nov 6, 2024Nov 6, 2024
chains-project.github.io
Public
The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
MIT License
•3•7•0•0•Updated Nov 6, 2024Nov 6, 2024
sbom.exe
Public
calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
Java
•
MIT License
•0•7•7•0•Updated Nov 3, 2024Nov 3, 2024
bump
Public
A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
java dependency-analysis
Java
•
MIT License
•5•15•4•0•Updated Nov 3, 2024Nov 3, 2024
swag
Public
software supply chain art
Java
•0•0•1•11•Updated Nov 2, 2024Nov 2, 2024
classport
Public
Passports for Java class files
Java
•
MIT License
•0•0•7•0•Updated Oct 30, 2024Oct 30, 2024
scsc
Public
smart contract supply chain
Python
•0•1•22•1•Updated Oct 30, 2024Oct 30, 2024
goleash
Public
Runtime enforcement of software supply chain capabilities in Go
C
•0•0•1•1•Updated Oct 28, 2024Oct 28, 2024
by-the-pool
Public
finding differences by the constant pool
Java
•0•0•3•1•Updated Oct 27, 2024Oct 27, 2024
spoon
Public
Perpetual automerge with CI for Spoon
Java
•
Other
•351•0•1•10•Updated Oct 25, 2024Oct 25, 2024
coredns
Public
CoreDNS is a DNS server that chains plugins
Go
•
Apache License 2.0
•2.1k•0•0•0•Updated Oct 10, 2024Oct 10, 2024
by-the-pool-dataset
Public
0•0•0•0•Updated Oct 8, 2024Oct 8, 2024
GoSurf
Public
Static analyzer to find locations to hide malicious code in Go
HTML
•1•2•4•1•Updated Oct 3, 2024Oct 3, 2024
verifiable-client-diversity
Public
A few more cents per minority client
0•2•4•0•Updated Sep 19, 2024Sep 19, 2024
theo
Public
Mapping runtime access privileges to third-party dependencies
Java
•
MIT License
•0•0•0•0•Updated Sep 14, 2024Sep 14, 2024
exploits-for-sbom.exe
Public
that's the sound of sbom.exe
Java
•0•0•0•0•Updated Sep 5, 2024Sep 5, 2024
breaking-good
Public template
make breaking updates look good 👗 https://arxiv.org/abs/2407.03880
Java
•
MIT License
•2•5•0•0•Updated Aug 26, 2024Aug 26, 2024
geth-rebuild
Public
A verifiable rebuilder for geth
Go
•0•1•4•0•Updated Aug 22, 2024Aug 22, 2024
btc-supply-chain
Public
Securing the Bitcoin software supply chain with an immutable database of SHA256
supply-chain bitcoin
Python
•1•1•1•2•Updated Aug 8, 2024Aug 8, 2024
breaking-good-user-study
Public
Java
•
MIT License
•0•0•0•0•Updated Jun 13, 2024Jun 13, 2024
breaking-updates-cache
Public
Side data repo for breaking updates
Java
•2•0•0•0•Updated May 14, 2024May 14, 2024
log4shell-poc
Public archive
executable log4shell attack
Java
•0•0•0•0•Updated Apr 29, 2024Apr 29, 2024
exploit-apps
Public
Java
•2•0•0•0•Updated Apr 20, 2024Apr 20, 2024