Project Scope

Research Problem

Software supply chain attacks are increasing in frequency and sophistication, targeting CI/CD workflows, build systems, and dependency management. Incidents such as SolarWinds and pipeline misconfiguration abuse show that attackers exploit weak oversight and transient runner environments to inject malicious code, manipulate dependencies, and hide persistence.

Forensic readiness is a critical challenge in these environments. Build agents, containers, and runners are ephemeral, so valuable data can disappear immediately after execution. Conventional audit trails capture limited activity but do not preserve the complete forensic chain required for end-to-end reconstruction of incidents.

Integrity assurance is another major gap. Existing pipelines often lack cryptographic binding between artifacts, logs, and dependency metadata. While SBOM adoption has improved transparency and risk management, research highlights weak tamper resistance, untrusted generation paths, and missing verification controls in many practical implementations.

This project addresses the core question: how to design a CI/CD monitoring and evidence collection system that captures volatile forensic data, guarantees cryptographic integrity, reconstructs attack timelines automatically, and generates legally admissible reports with minimal operational overhead and strong compatibility with existing Jenkins workflows.

Nature of the Solution

The proposed framework introduces forensic-ready CI/CD agents, cryptographic integrity verification, automated incident analysis, and a chain-of-custody reporting portal as one integrated architecture.

01 Forensic-Ready CI/CD Agents

  • Capture volatile evidence inside Jenkins runners before cleanup.
  • Collect commit diffs, pipeline logs, environment context, secrets access records, and temporary scripts.
  • Operate with low latency in containerized and ephemeral build environments.

02 Integrity Verification with SBOM

  • Generate SBOMs per build using SPDX, CycloneDX, and Syft workflows.
  • Apply SHA-256, digital signatures, and Merkle trees to artifacts, dependencies, and logs.
  • Establish tamper-evident provenance and multi-build verification.
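
An added example, not DevForensix's own code: a SHA-256 Merkle tree over one build's evidence, with an inclusion proof that lets a verifier check a single item against the root. The function names, the sample evidence, and the leaf encoding are assumptions; signing the root is left out.

```python
import hashlib
import hmac

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(name: str, content: bytes) -> bytes:
    # 0x00 prefix separates leaves from interior nodes; name is bound to content.
    return sha256(b"\x00" + sha256(name.encode()) + sha256(content))

def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)

def build_levels(leaves):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, tagged with the side the sibling sits on."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify(name, content, proof, root):
    acc = leaf_hash(name, content)
    for side, sib in proof:
        acc = node_hash(sib, acc) if side == "L" else node_hash(acc, sib)
    return hmac.compare_digest(acc, root)

# Constructed sample evidence for one build (not real project data).
EVIDENCE = [
    ("artifact/app.jar", b"constructed artifact bytes"),
    ("sbom/cyclonedx.json", b'{"bomFormat":"CycloneDX","components":[]}'),
    ("logs/console.log", b"[Pipeline] sh: mvn package\nBUILD SUCCESS\n"),
]

def seal_build(evidence):
    """Return (levels, root); the root is the value one would sign and store."""
    levels = build_levels([leaf_hash(n, c) for n, c in evidence])
    return levels, levels[-1][0]
```

Changing any byte of an item, or its name, changes the recomputed root, so a stored root detects edits to the artifact, the SBOM, or the log alike.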

03 Automated Incident Analysis Engine

  • Detect anomalies in commits, pipeline execution, and dependency updates.
  • Correlate forensic evidence across SCM activity, builds, and outputs.
  • Reconstruct structured attack timelines for incident response teams.

04 Chain-of-Custody Reporting Portal

  • Visualize evidence trails, timeline links, and integrity proofs in one dashboard.
  • Include an LLM-powered explanation module to summarize forensic findings and incident narratives.
  • Document the LLM training pipeline, which uses the WildChat dataset for contextual explanation quality.
  • Generate reports aligned with ISO/IEC 27037 and NIST SP 800-86.
  • Export case-ready outputs in JSON, XML, and PDF-friendly structures.

Product Demo

See DevForensix in action — watch our full system walkthrough below.

Technologies and Standards

Core Stack

Jenkins, React, Node.js, Python, Flask, Machine Learning, Scikit-learn, Docker

Integrity and Standards

CycloneDX, SHA-256, Merkle Trees

Conceptual Architecture

1. Forensic Agents: Volatile build evidence
2. Cryptographic Binding: SBOM + Hash + Signatures
3. Analysis Engine: Anomaly + Timeline
4. Reporting Portal: Chain-of-Custody

Objectives and Novelty

Main Objective

Design and develop a forensic-ready CI/CD monitoring and evidence collection system that captures volatile build evidence, protects integrity of artifacts and dependencies, reconstructs incident timelines, and supports legally admissible reporting against software supply chain attacks.

01 Forensic-Ready Jenkins Agents

Embed lightweight forensic collectors through plugins or pipeline hooks to preserve real-time runner evidence before job termination.

02 Cryptographic Integrity + SBOM

Automate SBOM generation and apply hashes, signatures, and Merkle linking to create tamper-evident forensic trails.

03 Automated Anomaly & Timeline Engine

Use ML and rule-based detection to flag suspicious commits, script tampering, and dependency anomalies with linked incident narratives.

04 Forensic Reporting & Admissibility

Deliver chain-of-custody dashboards and standards-aligned reports for investigation, compliance, and legal processes.


Project Timeline

All assessment milestones, dates, and mark allocations.

8th-12th September 2025

COMPLETED

Project Proposal

Presentation + proposal report

12% marks

5th-9th January 2026

COMPLETED

Progress Presentation I

Module development - 50% progress

15% marks

February 2026

COMPLETED

Progress Presentation II

Module integration - 90% progress

18% marks

TBD - 2026

COMPLETED

Research Paper

IEEE format publication submission

10% marks

April-May 2026

COMPLETED

Final Report

Complete system demonstration

30% marks

April-May 2026

COMPLETED

Final Viva

Individual examination

15% marks

03 Documents

Project Documents

All official project documents.

Topic Assessment Form (TAF)

Summarizing key technical details, evaluations, and findings related to the project or system within a defined scope.


Proposal report

The document contains details like goals, objectives, important dates, milestones and requirements needed to start and complete the project.


Check List Documents

Supervisor and assessment checklist documents for each milestone.


Final Reports (Thesis)

Complete research document - 4 individual + 1 main compiled thesis.


Research Paper

Literature, methods, analysis, and research argumentation


Poster

Visual summary of objectives, concepts, and outcomes.


Research Logbook

Progress updates compared against the planned checklist.


04 Slides

Presentation Slides

Slide decks used in past presentations and placeholders for upcoming ones.

Proposal slides

September 2025

Proposal Presentation

Initial project proposal covering problem statement, literature review, objectives, and planned methodology.


Progress PP1

January 2026

Progress Presentation I

50% milestone presentation showing completed module development, initial results, and next phase planning.


Progress PP2

February 2026

Progress Presentation II

90% milestone - complete system integration and evaluation results.


Final Presentation

April-May 2026

Final Presentation

Complete system demonstration with full evaluation and results.


About Us

Supervisors

Supervisor

Sri Lanka Institute of Information Technology

Co-Supervisor

Sri Lanka Institute of Information Technology

Team Members

Pavara

Team Member 2

Sri Lanka Institute of Information Technology

pavarah.c@gmail.com

Student ID

Contact

Get in Touch

Contact Details

Sri Lanka Institute of Information Technology

Forensic-ready CI/CD monitoring