Date of Award

5-2025

Document Type

Thesis

Degree Name

Master of Engineering (MEngr)

Department

Computer Engineering

Committee Chair/Advisor

Richard Brooks

Committee Member

Mert D. Pesé

Committee Member

Rajendra Singh

Committee Member

Kuangching Wang

Abstract

The software supply chain encompasses all stages of software development and delivery from initial coding and version control to integration and deployment. As development environments become increasingly distributed and reliant on external dependencies, ensuring the integrity, auditability, and consistency of code changes has become a pressing challenge. Traditional version control systems like Git, while effective for collaboration and tracking revisions, do not inherently provide tamper-evident commit histories. Features such as history rewriting (e.g., git rebase, git push --force) can be exploited to manipulate commit logs without detection, posing risks in security-sensitive domains. This thesis proposes a blockchain-integrated version control framework that addresses these limitations by recording Git commit metadata on a permissioned distributed ledger. The system is implemented using Hyperledger Fabric and employs smart contracts to log commit events immutably, creating a verifiable chain of custody for software updates. The research evaluates the system’s feasibility through experimental deployment across simulated distributed developer nodes, measuring synchronization time, resource consumption (CPU, memory, disk), and consistency of commit state. Experimental results show that the system achieves low synchronization latency, stable memory and disk usage, and cross-node consistency, with CPU utilization identified as the primary factor influencing performance under load. These findings demonstrate that blockchain integration can improve transparency and traceability in software version control without introducing significant overhead. By contributing a secure and auditable mechanism for commit tracking, this work advances the field of software supply chain security and provides a foundation for future research into scalable, verifiable development workflows in high-assurance environments.

Author ORCID Identifier

0009000674906798
