CHAINS research project at KTH Royal Institute of Technology

All

37 repositories

flink
Public
Perpetual automerge for Apache Flink
Java
•
Apache License 2.0
•13k•0•1•26•Updated Oct 3, 2024Oct 3, 2024
GoSurf
Public
Static analyzer to find locations to hide malicious code in Go
HTML
•1•2•4•1•Updated Oct 3, 2024Oct 3, 2024
deps.dev_stats
Public
longitudinal study of package registry growth
0•0•0•0•Updated Oct 3, 2024Oct 3, 2024
maven-lockfile
Public
Lockfiles for Maven. Pin your dependencies. Build with integrity.
Java
•
MIT License
•9•31•10•3•Updated Oct 2, 2024Oct 2, 2024
goleash
Public
Runtime enforcement of software supply chain capabilities in Go
C
•0•0•0•0•Updated Oct 2, 2024Oct 2, 2024
coredns
Public
CoreDNS is a DNS server that chains plugins
Go
•
Apache License 2.0
•2.1k•0•0•0•Updated Oct 2, 2024Oct 2, 2024
sbom.exe
Public
calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
Java
•
MIT License
•0•6•8•0•Updated Oct 2, 2024Oct 2, 2024
besu
Public
Perpetual automerge for Besu
Java
•
Apache License 2.0
•812•0•1•93•Updated Oct 1, 2024Oct 1, 2024
sbom-files
Public
Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf
Python
•1•6•1•2•Updated Oct 1, 2024Oct 1, 2024
scsc
Public
smart contract supply chain
Python
•0•2•16•0•Updated Sep 29, 2024Sep 29, 2024
chains-project.github.io
Public
The source for the website of the SSF CHAINS project https://chains.proj.kth.se/
MIT License
•3•7•0•0•Updated Sep 27, 2024Sep 27, 2024
bump
Public
A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
java dependency-analysis
Java
•
MIT License
•5•15•4•1•Updated Sep 27, 2024Sep 27, 2024
spoon
Public
Perpetual automerge with CI for Spoon
Java
•
Other
•347•0•1•10•Updated Sep 25, 2024Sep 25, 2024
verifiable-client-diversity
Public
A few more cents per minority client
0•2•4•0•Updated Sep 19, 2024Sep 19, 2024
theo
Public
Mapping runtime access privileges to third-party dependencies
Java
•
MIT License
•0•0•0•0•Updated Sep 14, 2024Sep 14, 2024
by-the-pool
Public
finding differences by the constant pool
Java
•0•0•2•1•Updated Sep 10, 2024Sep 10, 2024
exploits-for-sbom.exe
Public
that's the sound of sbom.exe
Java
•0•0•0•0•Updated Sep 5, 2024Sep 5, 2024
swag
Public
software supply chain art
Java
•0•0•1•11•Updated Aug 27, 2024Aug 27, 2024
breaking-good
Public template
make breaking updates look good 👗 https://arxiv.org/abs/2407.03880
Java
•
MIT License
•2•5•2•0•Updated Aug 26, 2024Aug 26, 2024
geth-rebuild
Public
A verifiable rebuilder for geth
Go
•0•1•4•0•Updated Aug 22, 2024Aug 22, 2024
btc-supply-chain
Public
Securing the Bitcoin software supply chain with an immutable database of SHA256
supply-chain bitcoin
Python
•1•1•1•2•Updated Aug 8, 2024Aug 8, 2024
classport
Public
Passports for Java class files
Java
•
MIT License
•0•0•7•0•Updated Jun 17, 2024Jun 17, 2024
breaking-good-user-study
Public
Java
•
MIT License
•0•0•0•0•Updated Jun 13, 2024Jun 13, 2024
breaking-updates-cache
Public
Side data repo for breaking updates
Java
•2•0•0•0•Updated May 14, 2024May 14, 2024
log4shell-poc
Public archive
executable log4shell attack
Java
•0•0•0•0•Updated Apr 29, 2024Apr 29, 2024
exploit-apps
Public
Java
•2•0•0•0•Updated Apr 20, 2024Apr 20, 2024
spring-petclinic
Public
A sample Spring-based application
CSS
•
Apache License 2.0
•24k•0•0•0•Updated Apr 3, 2024Apr 3, 2024
sbom-orchestra
Public
playing sboms on stage
0•1•0•0•Updated Mar 27, 2024Mar 27, 2024
rogue-jndi
Public
A malicious LDAP server for JNDI injection attacks
Java
•
MIT License
•220•0•0•0•Updated Mar 6, 2024Mar 6, 2024
1000py
Public
automerge in python
0•0•0•0•Updated Jan 18, 2024Jan 18, 2024