.d8888b. 888 888 d8888 8888888 888b 888 .d8888b.
d88P Y88b 888 888 d88888 888 8888b 888 d88P Y88b
888 888 888 888 d88P888 888 88888b 888 Y88b.
888 8888888888 d88P 888 888 888Y88b 888 "Y888b.
888 888 888 d88P 888 888 888 Y88b888 "Y88b.
888 888 888 888 d88P 888 888 888 Y88888 "888
Y88b d88P 888 888 d8888888888 888 888 Y8888 Y88b d88P
"Y8888P" 888 888 d88P 888 8888888 888 Y888 "Y8888P"
CHAINS is a research project at KTH Royal Institute of Technology, it is about hardening the software supply chain, incl. dependency engineering as well as reproducible, executable and verifiable builds and SBOMs. We primarily look at Maven, NPM, and the software supply chain of crypto. The project is funded by the Swedish Foundation for Strategic research (SSF).
To get notified about project news, subscribe to the Chains mailing list.
<dependency>
<groupId>com.martiansoftware</groupId>
<artifactId>jsap</artifactId>
<version>2.1</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.36</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.11.0</version>
</dependency>
(chronological order)
Posts:
Chains alumni: Arvid Siberov, Linus Östlund, Gabriel Skoglund, César Soto-Valero, Martin Wittlinger, Felix Qvarfordt, Daniel Williams, Oliver Schwalbe Lehtihet, Federico Bono
See https://github.com/chains-project/