coreinfrastructure / best-practices-badge
🏆 Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
☆1,261 Updated last week
Alternatives and similar repositories for best-practices-badge:
Users that are interested in best-practices-badge are comparing it to the libraries listed below
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… ☆876 Updated this week
- Python reference implementation of The Update Framework (TUF) ☆1,662 Updated this week
- The Open Source Discovery Service ☆1,125 Updated 2 weeks ago
- Curated list of awesome tools for managing open source programs ☆467 Updated 2 months ago
- Now stored here: ☆408 Updated 4 years ago
- 📜 Automated review of open source software projects ☆117 Updated 5 months ago
- Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Langua… ☆1,375 Updated this week
- Repolinter, The Open Source Repository Linter ☆441 Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆396 Updated this week
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆767 Updated this week
- Software Supply Chain Transparency Log ☆956 Updated this week
- An observatory for TLS configurations, X509 certificates, and more. ☆540 Updated 10 months ago
- A suite of tools to automate software compliance checks. ☆1,739 Updated this week
- 📅 The web's go-to resource for Calendar Versioning info. ☆526 Updated 11 months ago
- Project Wycheproof tests crypto libraries against known attacks. ☆2,834 Updated last week
- Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock… ☆984 Updated last year
- Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON ☆559 Updated last week
- ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party package… ☆2,271 Updated this week
- srclib is a polyglot code analysis library, built for hackability. It consists of language analysis toolchains (currently for Go and Java… ☆941 Updated 8 years ago
- reuse is a tool for compliance with the REUSE recommendations. ☆475 Updated this week
- Source for TrunkBasedDevelopment.com ☆514 Updated last week
- Gives criticality score for an open source project ☆1,369 Updated 3 weeks ago
- List of resources about programming practices for writing safety-critical software. ☆1,560 Updated 2 months ago
- The System Package Data Exchange (SPDX) specification in Markdown and HTML formats. ☆321 Updated last week
- Supply-chain Levels for Software Artifacts ☆1,663 Updated this week
- Helping allocate resources to secure the critical open source projects we all depend on. ☆352 Updated this week
- a community wiki for improving code quality ☆344 Updated last month
- Pretty RFC indexes and reformats RFC documents for easier discovery and viewing. ☆941 Updated 8 years ago
- Distributed code review system for Git repos ☆5,149 Updated last year
- Markdown lint tool ☆1,891 Updated last year