    Repositories list

    • Lockfiles for Maven. Pin your dependencies. Build with integrity.
      Java
      1351134 Updated Dec 15, 2025
    • besu

      Public
      Perpetual automerge for Besu
      Java
      9910199 Updated Dec 15, 2025
    • flink

      Public
      Perpetual automerge for Apache Flink
      Java
      14k0136 Updated Dec 15, 2025
    • sbom.exe

      Public
      calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
      Java
      1997 Updated Dec 15, 2025
    • dirty-waters

      Public
      automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
      Python
      418296 Updated Dec 15, 2025
    • longitudinal study of package registry growth
      Python
      0100 Updated Dec 15, 2025
    • sbom-files

      Public
      Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
      Python
      2712 Updated Dec 13, 2025
    • ghasum

      Public
      Checksums for GitHub Actions.
      Go
      116140 Updated Dec 9, 2025
    • Break the build if your supply chain is dirty
      0163 Updated Dec 8, 2025
    • spoon

      Public
      Perpetual automerge with CI for Spoon
      Java
      3700110 Updated Dec 8, 2025
    • bump

      Public
      A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
      Java
      821410 Updated Dec 7, 2025
    • Scripts used to retrieve data and acquire results for dirty-waters
      Jupyter Notebook
      0000 Updated Dec 1, 2025
    • swag

      Public
      software supply chain art
      Java
      12111 Updated Nov 29, 2025
    • Java
      0010 Updated Nov 25, 2025
    • The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
      HTML
      10800 Updated Nov 23, 2025
    • Reproducible Central: rebuild instructions for artifacts published to (Maven) Central Repository
      Java
      600160 Updated Nov 15, 2025
    • goleash

      Public
      Runtime enforcement of software supply chain capabilities in Go
      C
      01810 Updated Nov 12, 2025
    • bombom

      Public
      grassroot bill of materials for linux
      Python
      0000 Updated Nov 9, 2025
    • Java-Class-Hijack: Software Supply Chain Attack for Java based on Maven Dependency Resolution and Java Classloading
      Java
      1200 Updated Oct 26, 2025
    • Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
      Go
      41000 Updated Oct 24, 2025
    • Java
      0100 Updated Oct 18, 2025
    • zkSBOM

      Public
      zero knowledge SBOMs (thesis Tom Sorger)
      Rust
      0310 Updated Oct 6, 2025
    • diffonomy

      Public
      diffoscope report analysis tool
      Python
      0100 Updated Sep 22, 2025
    • Securing the Bitcoin software supply chain with an immutable database of SHA256
      Python
      1112 Updated Sep 5, 2025
    • bacardi

      Public
      fix breaking dependency updates 🛠️
      Java
      3460 Updated Sep 5, 2025
    • theo

      Public
      Mapping runtime access privileges to third-party dependencies
      Java
      0100 Updated Sep 1, 2025
    • DDC4j

      Public
      Diverse double compiling for Java. Bachelor thesis Elias and Eskil.
      Shell
      0000 Updated Aug 27, 2025
    • Side data repo for breaking updates
      Java
      2000 Updated Aug 21, 2025
    • Detect semantic changes in dependency updates using dynamic analysis
      Java
      0300 Updated Aug 14, 2025
    • Listing and Counting Maven (sub)modules.
      Java
      0211 Updated Jul 24, 2025