Repositories list

• ghasum

  Public
  Checksums for GitHub Actions.

  checksumslockfilegha

  checksumslockfilegha

  Go

  •

  Apache License 2.0

  •11 fork•1919 stars•2323 issues•11 pull request•Updated May 1, 2026May 1, 2026

• verify-commit-signatures-on-github

  Public
  Verify GitHub commit signing keys against the Sigstore Rekor transparency log

  Python

  •00 forks•00 stars•00 issues•00 pull requests•Updated May 1, 2026May 1, 2026

• besu

  Public
  Perpetual automerge for Besu

  Java

  •

  Apache License 2.0

  •1.1k1.1k forks•00 stars•11 issue•9393 pull requests•Updated Apr 30, 2026Apr 30, 2026

• chains-project.github.io

  Public
  The source for the website of the SSF CHAINS project https://chains.proj.kth.se/

  HTML

  •

  MIT License

  •1515 forks•88 stars•00 issues•00 pull requests•Updated Apr 30, 2026Apr 30, 2026

• bombom

  Public
  grassroot bill of materials for linux

  Python

  •00 forks•00 stars•00 issues•00 pull requests•Updated Apr 30, 2026Apr 30, 2026

• flink

  Public
  Perpetual automerge for Apache Flink

  Java

  •

  Apache License 2.0

  •14k14k forks•00 stars•11 issue•2121 pull requests•Updated Apr 30, 2026Apr 30, 2026

• deps.dev_stats

  Public
  longitudinal study of package registry growth

  Python

  •00 forks•11 star•00 issues•00 pull requests•Updated Apr 29, 2026Apr 29, 2026

• zkSBOM

  Public
  Zero-Knowledge SBOM

  Rust

  •

  MIT License

  •00 forks•55 stars•00 issues•00 pull requests•Updated Apr 29, 2026Apr 29, 2026

• sbom-files

  Public
  Long term storage of software bills of materials (sbom) https://arxiv.org/pdf/2303.11102.pdf

  Python

  •22 forks•77 stars•11 issue•22 pull requests•Updated Apr 28, 2026Apr 28, 2026

• dependency-tree-analysis

  Public archive
  Shell

  •

  MIT License

  •00 forks•00 stars•00 issues•00 pull requests•Updated Apr 28, 2026Apr 28, 2026

• aotp

  Public
  Looking inside AOTCache

  Java

  •00 forks•00 stars•11 issue•00 pull requests•Updated Apr 28, 2026Apr 28, 2026

• ReSolVer

  Public
  Record Solve Verify. A project for verifiable dependency resolution.

  JavaScript

  •00 forks•00 stars•77 issues•00 pull requests•Updated Apr 28, 2026Apr 28, 2026

• maven-lockfile

  Public
  Lockfiles for Maven. Pin your dependencies. Build with integrity.

  Java

  •

  MIT License

  •2020 forks•6161 stars•2121 issues•55 pull requests•Updated Apr 27, 2026Apr 27, 2026

• dirty-waters-action

  Public
  Break the build if your supply chain is dirty

  MIT License

  •00 forks•22 stars•66 issues•55 pull requests•Updated Apr 27, 2026Apr 27, 2026

• bump

  Public
  A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)

  javadependency-analysis

  javadependency-analysis

  Java

  •

  MIT License

  •99 forks•2222 stars•66 issues•66 pull requests•Updated Apr 27, 2026Apr 27, 2026

• swag

  Public
  software supply chain art

  Java

  •11 fork•22 stars•11 issue•1111 pull requests•Updated Apr 23, 2026Apr 23, 2026

• dirty-waters

  Public
  automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049

  Python

  •

  MIT License

  •66 forks•1818 stars•3030 issues•33 pull requests•Updated Apr 14, 2026Apr 14, 2026

• sbom.exe

  Public
  calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246

  Java

  •

  MIT License

  •11 fork•99 stars•99 issues•77 pull requests•Updated Apr 10, 2026Apr 10, 2026

• bacardi

  Public
  fix breaking dependency updates 🛠️

  Java

  •

  MIT License

  •33 forks•44 stars•66 issues•00 pull requests•Updated Apr 9, 2026Apr 9, 2026

• claude-code

  Public
  Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining c…

  TypeScript

  •

  Other

  •3.2k3.2k forks•00 stars•00 issues•00 pull requests•Updated Apr 1, 2026Apr 1, 2026

• javascript-bundling-reproducible-builds

  Public
  reproducible build study of javascript bundling (thesis E. Vitell)

  Python

  •00 forks•00 stars•00 issues•00 pull requests•Updated Mar 22, 2026Mar 22, 2026

• spoon

  Public
  Perpetual automerge with CI for Spoon

  Java

  •

  Other

  •383383 forks•00 stars•11 issue•1010 pull requests•Updated Mar 9, 2026Mar 9, 2026

• dirty-waters-utils

  Public
  Scripts used to retrieve data and acquire results for dirty-waters

  Jupyter Notebook

  •00 forks•00 stars•00 issues•00 pull requests•Updated Feb 23, 2026Feb 23, 2026

• AutoFix-For-ADES

  Public
  Rust

  •00 forks•00 stars•00 issues•00 pull requests•Updated Feb 22, 2026Feb 22, 2026

• oZKS

  Public
  oZKS (Ordered Zero-Knowledge Set) is a library that provides an implementation of an Ordered (and Append Only) Zero-Knowledge Set.

  C++

  •

  MIT License

  •66 forks•00 stars•00 issues•00 pull requests•Updated Feb 17, 2026Feb 17, 2026

• pypi1000

  Public
  1000 Github repositories on Pypi

  Python

  •00 forks•00 stars•00 issues•00 pull requests•Updated Feb 9, 2026Feb 9, 2026

• maven-hijack-poc

  Public
  Java-Class-Hijack: Software Supply Chain Attack for Java based on Maven Dependency Resolution and Java Classloading

  javasupply-chain-security

  javasupply-chain-security

  Java

  •11 fork•33 stars•00 issues•00 pull requests•Updated Jan 30, 2026Jan 30, 2026

• classport-experiments

  Public
  Experiments related to the Classport projects

  Java

  •00 forks•00 stars•11 issue•00 pull requests•Updated Jan 21, 2026Jan 21, 2026

• classport

  Public
  Passports for Java class files

  Java

  •

  MIT License

  •11 fork•22 stars•1414 issues•00 pull requests•Updated Jan 20, 2026Jan 20, 2026

• moduleinfo-generator

  Public
  Java

  •00 forks•00 stars•11 issue•00 pull requests•Updated Nov 25, 2025Nov 25, 2025