Date of Award
5-2025
Document Type
Thesis
Degree Name
Master of Engineering (MEngr)
Department
Computer Engineering
Committee Chair/Advisor
Richard Brooks
Committee Member
Mert D. Pesé
Committee Member
Rajendra Singh
Committee Member
Kuangching Wang
Abstract
The software supply chain encompasses all stages of software development and delivery from initial coding and version control to integration and deployment. As development environments become increasingly distributed and reliant on external dependencies, ensuring the integrity, auditability, and consistency of code changes has become a pressing challenge. Traditional version control systems like Git, while effective for collaboration and tracking revisions, do not inherently provide tamper-evident commit histories. Features such as history rewriting (e.g., git rebase, git push --force) can be exploited to manipulate commit logs without detection, posing risks in security-sensitive domains. This thesis proposes a blockchain-integrated version control framework that addresses these limitations by recording Git commit metadata on a permissioned distributed ledger. The system is implemented using Hyperledger Fabric and employs smart contracts to log commit events immutably, creating a verifiable chain of custody for software updates. The research evaluates the system’s feasibility through experimental deployment across simulated distributed developer nodes, measuring synchronization time, resource consumption (CPU, memory, disk), and consistency of commit state. Experimental results show that the system achieves low synchronization latency, stable memory and disk usage, and cross-node consistency, with CPU utilization identified as the primary factor influencing performance under load. These findings demonstrate that blockchain integration can improve transparency and traceability in software version control without introducing significant overhead. By contributing a secure and auditable mechanism for commit tracking, this work advances the field of software supply chain security and provides a foundation for future research into scalable, verifiable development workflows in high-assurance environments.
Recommended Citation
Aideyan, Iwinosa W., "Blockchain-Integrated Version Control for Secure and Transparent Software Supply Chains" (2025). All Theses. 4524.
https://open.clemson.edu/all_theses/4524
Author ORCID Identifier
0009000674906798
Included in
Computer and Systems Architecture Commons, Data Storage Systems Commons, Digital Communications and Networking Commons, Systems and Communications Commons, VLSI and Circuits, Embedded and Hardware Systems Commons