Open Source Software Secure Supply Chain Framework
☆239 · Oct 28, 2022 · Updated 3 years ago
Alternatives and similar repositories for oss-ssc-framework
Users that are interested in oss-ssc-framework are comparing it to the libraries listed below
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously… ☆227 · May 26, 2025 · Updated 9 months ago
- Generate a score for your sbom to understand if it will actually be useful. ☆238 · Aug 13, 2024 · Updated last year
- Inventory based templated configuration library inspired by the kapitan project ☆12 · Aug 31, 2024 · Updated last year
- Compares and analyzes GCP IAM roles. ☆78 · Mar 9, 2025 · Updated 11 months ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… ☆517 · Updated this week
- ☆76 · Dec 10, 2025 · Updated 2 months ago
- This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more. ☆139 · Jul 12, 2022 · Updated 3 years ago
- A reading list for software supply-chain security. ☆365 · Nov 21, 2022 · Updated 3 years ago
- Supply Chain Integrity Model ☆106 · Jun 12, 2023 · Updated 2 years ago
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD … ☆187 · Updated this week
- Automated testing, generation & manipulation of #osquery packs ☆74 · Oct 16, 2024 · Updated last year
- Go compiler running entirely in your browser ☆26 · Sep 18, 2023 · Updated 2 years ago
- Useful scripts, Docker images, docker-compose apps, and Terraform modules. ☆149 · Feb 15, 2026 · Updated last week
- A compilation of resources in the software supply chain security domain, with emphasis on open source ☆348 · Updated this week
- Graph-based security analysis for everyone ☆356 · Feb 19, 2026 · Updated last week
- A tool to check the security settings of Github Organizations. ☆75 · Feb 9, 2026 · Updated 2 weeks ago
- Supply-chain Levels for Software Artifacts ☆1,814 · Feb 20, 2026 · Updated last week
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix ☆59 · Sep 7, 2023 · Updated 2 years ago
- icof - in case of fire. ☆12 · Jul 23, 2022 · Updated 3 years ago
- Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associ… ☆17 · Sep 24, 2022 · Updated 3 years ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆60 · Apr 17, 2023 · Updated 2 years ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆68 · Jun 25, 2025 · Updated 8 months ago
- OSCAL SSP content for technologies shipped by Red Hat ☆16 · Mar 2, 2023 · Updated 2 years ago
- Tool for signing and verifying the integrity of CloudFormation templates ☆15 · Feb 16, 2023 · Updated 3 years ago
- in-toto Attestation Framework ☆326 · Feb 17, 2026 · Updated last week
- Format agnostic SBOM tooling ☆132 · Nov 20, 2025 · Updated 3 months ago
- Rapidly apply hundreds of security controls in Azure ☆183 · May 1, 2025 · Updated 9 months ago
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆767 · Dec 11, 2024 · Updated last year
- A security-first linter for code that shouldn't need linting ☆18 · Sep 12, 2023 · Updated 2 years ago
- Implementation of the OSCAL REST API ☆19 · Feb 23, 2024 · Updated 2 years ago
- A Golang program to rotate AWS & GCP account keys ☆67 · May 12, 2025 · Updated 9 months ago
- OpenVEX Specification ☆168 · Jan 16, 2026 · Updated last month
- A community collection of security reviews of open source software components. ☆97 · Feb 29, 2024 · Updated 2 years ago
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems. ☆113 · Feb 10, 2026 · Updated 2 weeks ago
- Clean up all those Pythons crawling around your computer ☆15 · Feb 2, 2023 · Updated 3 years ago
- Capture The Flag Challenge for eBPF Summit 2022 ☆19 · Oct 2, 2022 · Updated 3 years ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆181 · Dec 11, 2025 · Updated 2 months ago
- ☆246 · Jul 9, 2024 · Updated last year
- OpenSSF Scorecard - Security health metrics for Open Source ☆5,272 · Feb 16, 2026 · Updated last week