Skip to content

chains-project/sbom.exe

7 Branches16 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

github-actions[bot]github-actions[bot]
chore: releasing version 0.12.0
Mar 13, 2024
b1f1ac5 · Mar 13, 2024

History

436 Commits
.github/workflows
.github/workflows
Mar 13, 2024
classfile-fingerprint
classfile-fingerprint
Mar 13, 2024
replications/fractureiser
replications/fractureiser
Jul 21, 2023
runtime-class-interceptor
runtime-class-interceptor
Mar 13, 2024
terminator-commons
terminator-commons
Mar 13, 2024
watchdog-agent
watchdog-agent
Mar 13, 2024
.gitignore
.gitignore
Aug 28, 2023
CHANGELOG.md
CHANGELOG.md
Aug 22, 2023
LICENSE
LICENSE
Jul 14, 2023
README.md
README.md
Mar 13, 2024
diagram.svg
diagram.svg
Mar 13, 2024
jreleaser.json
jreleaser.json
Mar 13, 2024
pom.xml
pom.xml
Mar 13, 2024
renovate.json
renovate.json
Jul 14, 2023

Repository files navigation

sbom.exe

tests

A tool to illustrate termination of Java virtual machine if a prohibited method is invoked. Checkout the README on that branch for instructions.

Visualization by GitHub Next

Visualization of the codebase

Project structure

The project has two concepts - generating fingerprints and watching for prohibited classes.

Generation of fingerprints

The fingerprints are generated using the classfile-fingerprint CLI.

It has three subcommands. All the commands take in the following parameters:

Required Parameters

Parameter Type Description
output or input File Path to index file. output will create a
new file. input will merge the indices.

  1. jdk: Generate fingerprints for JDK classes. |

  2. supply-chain: Generate fingerprints for all the dependencies captured in the SBOM.

    • Required Parameters

      Parameter Type Description
      sbom File Path to the sbom file.

      sbom could be CycloneDX 1.4 or 1.5 JSON document.

  3. runtime: Generate fingerprints for all the classes loaded at runtime.

    • Required Parameters

      Parameter Type Description
      project File Path to the project.
      executable-jar-module String The module
      (artifactID)that generates the executable jar.

    • Optional Parameters

      Parameter Type Description
      cleanup File Delete the temporary project after the process.

Watching for prohibited classes

The watchdog-agent is a Java agent that watches for prohibited classes.

It takes in the following parameters:

Required Parameters

Parameter Type Description
sbom File Path to the index file.

Optional Parameters

Parameter Type Description
skipShutdown boolean If true, the JVM will not shutdown if a prohibited class is loaded. Default: false.

About

calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246

arxiv.org/abs/2407.00246

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

7 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 16

v0.14.1 Latest
Jan 30, 2025
+ 15 releases

Packages

No packages published

Contributors 6

Languages