 .d8888b.  888    888        d8888 8888888 888b    888  .d8888b.  
d88P  Y88b 888    888       d88888   888   8888b   888 d88P  Y88b 
888    888 888    888      d88P888   888   88888b  888 Y88b.      
888        8888888888     d88P 888   888   888Y88b 888  "Y888b.   
888        888    888    d88P  888   888   888 Y88b888     "Y88b. 
888    888 888    888   d88P   888   888   888  Y88888       "888 
Y88b  d88P 888    888  d8888888888   888   888   Y8888 Y88b  d88P 
 "Y8888P"  888    888 d88P     888 8888888 888    Y888  "Y8888P"  

Consistent Hardening and Analysis of Software Supply Chains

CHAINS is a research project at KTH Royal Institute of Technology about hardening the software supply chain, including dependency engineering as well as reproducible, executable and verifiable builds and SBOMs. We primarily look at Maven, NPM, and the software supply chain of crypto. The project is funded by the Swedish Foundation for Strategic Research (SSF). We are recruiting software engineers, postdocs, and interns; get in touch!

    <dependency>
      <groupId>com.martiansoftware</groupId>
      <artifactId>jsap</artifactId>
      <version>2.1</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.7.36</version>
    </dependency>
    <dependency>
      <groupId>commons-io</groupId>
      <artifactId>commons-io</artifactId>
      <version>2.11.0</version>
    </dependency>

Papers & Theses

(chronological order)

Posts:

Team

Chains alumni: Arvid Siberov, Linus Östlund, Gabriel Skoglund, César Soto-Valero, Martin Wittlinger

Events & Talks

Press

Repositories

See https://github.com/chains-project/

Master / Internship topics