Skip to content

@chains-project CHAINS research project at KTH Royal Institute of Technology

Change the repository type filter

All

    Repositories list

    61 repositories

    • bump

      Public
      A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
      javadependency-analysis
      Java
      MIT License
      82159Updated Feb 15, 2026Feb 15, 2026

    • sbom-files

      Public
      Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
      Python
      2712Updated Feb 15, 2026Feb 15, 2026

    • besu

      Public
      Perpetual automerge for Besu
      Java
      Apache License 2.0
      1k0197Updated Feb 15, 2026Feb 15, 2026

    • ghasum

      Public
      Checksums for GitHub Actions.
      checksumslockfilegha
      Go
      Apache License 2.0
      118202Updated Feb 15, 2026Feb 15, 2026

    • sbom.exe

      Public
      calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
      Java
      MIT License
      1997Updated Feb 15, 2026Feb 15, 2026

    • deps.dev_stats

      Public
      longitudinal study of package registry growth
      Python
      0100Updated Feb 15, 2026Feb 15, 2026

    • maven-lockfile

      Public
      Lockfiles for Maven. Pin your dependencies. Build with integrity.
      Java
      MIT License
      1455156Updated Feb 15, 2026Feb 15, 2026

    • dirty-waters

      Public
      automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
      Python
      MIT License
      518305Updated Feb 13, 2026Feb 13, 2026

    • dirty-waters-action

      Public
      Break the build if your supply chain is dirty
      MIT License
      0165Updated Feb 12, 2026Feb 12, 2026

    • chains-project.github.io

      Public
      The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
      HTML
      MIT License
      11800Updated Feb 12, 2026Feb 12, 2026

    • flink

      Public
      Perpetual automerge for Apache Flink
      Java
      Apache License 2.0
      14k0123Updated Feb 11, 2026Feb 11, 2026

    • pypi1000

      Public
      1000 Github repositories on Pypi
      Python
      0000Updated Feb 9, 2026Feb 9, 2026

    • javascript-bundling-reproducible-builds

      Public
      Python
      0000Updated Feb 9, 2026Feb 9, 2026

    • bombom

      Public
      grassroot bill of materials for linux
      Python
      0000Updated Feb 8, 2026Feb 8, 2026

    • dirty-waters-utils

      Public
      Scripts used to retrieve data and acquire results for dirty-waters
      Jupyter Notebook
      0000Updated Feb 6, 2026Feb 6, 2026

    • swag

      Public
      software supply chain art
      Java
      12111Updated Feb 1, 2026Feb 1, 2026

    • maven-hijack-poc

      Public
      Java-Class-Hijack: Software Supply Chain Attack for Java based on Maven Dependency Resolution and Java Classloading
      javasupply-chain-security
      Java
      1300Updated Jan 30, 2026Jan 30, 2026

    • spoon

      Public
      Perpetual automerge with CI for Spoon
      Java
      Other
      3750110Updated Jan 23, 2026Jan 23, 2026

    • classport-experiments

      Public
      Experiments related to the Classport projects
      Java
      0010Updated Jan 21, 2026Jan 21, 2026

    • classport

      Public
      Passports for Java class files
      Java
      MIT License
      12140Updated Jan 20, 2026Jan 20, 2026

    • moduleinfo-generator

      Public
      Java
      0010Updated Nov 25, 2025Nov 25, 2025

    • reproducible-central

      Public
      Reproducible Central: rebuild instructions for artifacts published to (Maven) Central Repository
      Java
      610160Updated Nov 15, 2025Nov 15, 2025

    • goleash

      Public
      Runtime enforcement of software supply chain capabilities in Go
      C
      01910Updated Nov 12, 2025Nov 12, 2025

    • chains-rebuild

      Public
      Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
      Go
      Apache License 2.0
      46000Updated Oct 24, 2025Oct 24, 2025

    • lockfiles-comprehensive-study

      Public
      Java
      0200Updated Oct 18, 2025Oct 18, 2025

    • zkSBOM

      Public
      zero knowledge SBOMs (thesis Tom Sorger)
      Rust
      MIT License
      0310Updated Oct 6, 2025Oct 6, 2025

    • diffonomy

      Public
      diffoscope report analysis tool
      Python
      MIT License
      0100Updated Sep 22, 2025Sep 22, 2025

    • btc-supply-chain

      Public
      Securing the Bitcoin software supply chain with an immutable database of SHA256
      bitcoinsupply-chain
      Python
      1112Updated Sep 5, 2025Sep 5, 2025

    • bacardi

      Public
      fix breaking dependency updates 🛠️
      Java
      MIT License
      3460Updated Sep 5, 2025Sep 5, 2025

    • theo

      Public
      Mapping runtime access privileges to third-party dependencies
      Java
      MIT License
      0100Updated Sep 1, 2025Sep 1, 2025