cdfoundation / sig-security-sbom
SIG Security - Software Bill of Materials
☆18Updated 2 years ago
Related projects: ⓘ
- Report missing advisories and corrections on OSS Index☆17Updated last year
- A place to systematically store software bill of materials (SBOM) documents.☆42Updated last year
- The model for the information captured in SPDX version 3 standard.☆68Updated last week
- Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data☆57Updated 5 months ago
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆19Updated 11 months ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆32Updated last year
- Technical Advisory Council☆107Updated last week
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated last week
- A community collection of security reviews of open source software components.☆92Updated 6 months ago
- OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Is…☆49Updated 2 weeks ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆177Updated last month
- ☆69Updated this week
- Check SPDX SBOM for NTIA minimum elements☆52Updated 2 weeks ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆69Updated this week
- A TUF repository and signing tool☆20Updated this week
- OpenSSF Working Group on Securing Software Repositories☆86Updated 2 months ago
- ☆56Updated 2 months ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated 6 months ago
- A BOM repository server for distributing CycloneDX BOMs☆73Updated 6 months ago
- Utility that provides an API and CLI to identify licenses and legal terms☆43Updated 3 months ago
- The SCANOSS SBOM Workbench graphical user interface to scan and audit your source code.☆46Updated last week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆175Updated 7 months ago
- OpenVEX Specification☆125Updated 2 months ago
- SBOM quality score - Quality metrics for your sboms☆161Updated this week
- Plain text version of the OSADL Open Source Policy Template: The Basis for License Compliance☆19Updated 2 years ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- A tool that takes two or more micro SBOMs and composes them into one distributable SBOM☆23Updated last year
- Supply Chain Integrity Model☆102Updated last year
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.☆79Updated last week
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.☆54Updated this week