Skip to content

@chains-project CHAINS research project at KTH Royal Institute of Technology

Change the repository type filter

All

    Repositories list

    60 repositories

    • sbom-files

      Public
      Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
      Python
      2712Updated Jan 9, 2026Jan 9, 2026

    • flink

      Public
      Perpetual automerge for Apache Flink
      Java
      Apache License 2.0
      14k0129Updated Jan 9, 2026Jan 9, 2026

    • ghasum

      Public
      Checksums for GitHub Actions.
      checksumslockfilegha
      Go
      Apache License 2.0
      117171Updated Jan 9, 2026Jan 9, 2026

    • maven-lockfile

      Public
      Lockfiles for Maven. Pin your dependencies. Build with integrity.
      Java
      MIT License
      1352135Updated Jan 9, 2026Jan 9, 2026

    • deps.dev_stats

      Public
      longitudinal study of package registry growth
      Python
      0100Updated Jan 8, 2026Jan 8, 2026

    • besu

      Public
      Perpetual automerge for Besu
      Java
      Apache License 2.0
      9950199Updated Jan 8, 2026Jan 8, 2026

    • chains-project.github.io

      Public
      The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
      HTML
      MIT License
      11800Updated Jan 8, 2026Jan 8, 2026

    • sbom.exe

      Public
      calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
      Java
      MIT License
      1997Updated Jan 6, 2026Jan 6, 2026

    • classport

      Public
      Passports for Java class files
      Java
      MIT License
      12140Updated Jan 6, 2026Jan 6, 2026

    • classport-experiments

      Public
      Experiments related to the Classport projects
      Java
      0010Updated Jan 6, 2026Jan 6, 2026

    • bump

      Public
      A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
      javadependency-analysis
      Java
      MIT License
      821410Updated Jan 6, 2026Jan 6, 2026

    • dirty-waters

      Public
      automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
      Python
      MIT License
      418298Updated Jan 3, 2026Jan 3, 2026

    • dirty-waters-action

      Public
      Break the build if your supply chain is dirty
      MIT License
      0165Updated Dec 31, 2025Dec 31, 2025

    • javascript-bundling-reproducible-builds

      Public
      Python
      0000Updated Dec 20, 2025Dec 20, 2025

    • spoon

      Public
      Perpetual automerge with CI for Spoon
      Java
      Other
      3750110Updated Dec 8, 2025Dec 8, 2025

    • dirty-waters-utils

      Public
      Scripts used to retrieve data and acquire results for dirty-waters
      Jupyter Notebook
      0000Updated Dec 1, 2025Dec 1, 2025

    • swag

      Public
      software supply chain art
      Java
      12111Updated Nov 29, 2025Nov 29, 2025

    • moduleinfo-generator

      Public
      Java
      0010Updated Nov 25, 2025Nov 25, 2025

    • reproducible-central

      Public
      Reproducible Central: rebuild instructions for artifacts published to (Maven) Central Repository
      Java
      600160Updated Nov 15, 2025Nov 15, 2025

    • goleash

      Public
      Runtime enforcement of software supply chain capabilities in Go
      C
      01910Updated Nov 12, 2025Nov 12, 2025

    • bombom

      Public
      grassroot bill of materials for linux
      Python
      0000Updated Nov 9, 2025Nov 9, 2025

    • maven-hijack-poc

      Public
      Java-Class-Hijack: Software Supply Chain Attack for Java based on Maven Dependency Resolution and Java Classloading
      javasupply-chain-security
      Java
      1200Updated Oct 26, 2025Oct 26, 2025

    • chains-rebuild

      Public
      Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
      Go
      Apache License 2.0
      44000Updated Oct 24, 2025Oct 24, 2025

    • lockfiles-comprehensive-study

      Public
      Java
      0200Updated Oct 18, 2025Oct 18, 2025

    • zkSBOM

      Public
      zero knowledge SBOMs (thesis Tom Sorger)
      Rust
      MIT License
      0310Updated Oct 6, 2025Oct 6, 2025

    • diffonomy

      Public
      diffoscope report analysis tool
      Python
      MIT License
      0100Updated Sep 22, 2025Sep 22, 2025

    • btc-supply-chain

      Public
      Securing the Bitcoin software supply chain with an immutable database of SHA256
      bitcoinsupply-chain
      Python
      1112Updated Sep 5, 2025Sep 5, 2025

    • bacardi

      Public
      fix breaking dependency updates 🛠️
      Java
      MIT License
      3460Updated Sep 5, 2025Sep 5, 2025

    • theo

      Public
      Mapping runtime access privileges to third-party dependencies
      Java
      MIT License
      0100Updated Sep 1, 2025Sep 1, 2025

    • DDC4j

      Public
      Diverse double compiling for Java. Bachelor thesis Elias and Eskil.
      Shell
      MIT License
      0000Updated Aug 27, 2025Aug 27, 2025