microsoft/oss-ssc-framework

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/microsoft/oss-ssc-framework)

microsoft / oss-ssc-framework

Open Source Software Secure Supply Chain Framework

☆239

Alternatives and similar repositories for oss-ssc-framework

Users that are interested in oss-ssc-framework are comparing it to the libraries listed below

Sorting:

ossf / s2c2f
View on GitHub
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…
☆227May 26, 2025Updated 9 months ago
eBay / sbom-scorecard
View on GitHub
Generate a score for your sbom to understand if it will actually be useful.
☆238Aug 13, 2024Updated last year
lukasjarosch / skipper
View on GitHub
Inventory based templated configuration library inspired by the kapitan project
☆12Aug 31, 2024Updated last year
jdyke / gcp-iam-analyzer
View on GitHub
Compares and analyzes GCP IAM roles.
☆78Mar 9, 2025Updated 11 months ago
in-toto / witness
View on GitHub
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
☆517Updated this week
SBOMit / specification
View on GitHub
☆76Dec 10, 2025Updated 2 months ago
chughes757 / SecureSoftwareSupplyChain
View on GitHub
This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.
☆139Jul 12, 2022Updated 3 years ago
chainguard-dev / ssc-reading-list
View on GitHub
A reading list for software supply-chain security.
☆365Nov 21, 2022Updated 3 years ago
microsoft / scim
View on GitHub
Supply Chain Integrity Model
☆106Jun 12, 2023Updated 2 years ago
oracle / macaron
View on GitHub
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …
☆187Updated this week
chainguard-sandbox / osqtool
View on GitHub
Automated testing, generation & manipulation of #osquery packs
☆74Oct 16, 2024Updated last year
progrium / wasm-go-playground
View on GitHub
Go compiler running entirely in your browser
☆26Sep 18, 2023Updated 2 years ago
marco-lancini / utils
View on GitHub
Useful scripts, Docker images, docker-compose apps, and Terraform modules.
☆149Feb 15, 2026Updated last week
bureado / awesome-software-supply-chain-security
View on GitHub
A compilation of resources in the software supply chain security domain, with emphasis on open source
☆348Updated this week
JupiterOne / starbase
View on GitHub
Graph-based security analysis for everyone
☆356Feb 19, 2026Updated last week
crashappsec / github-analyzer
View on GitHub
A tool to check the security settings of Github Organizations.
☆75Feb 9, 2026Updated 2 weeks ago
slsa-framework / slsa
View on GitHub
Supply-chain Levels for Software Artifacts
☆1,814Feb 20, 2026Updated last week
Nextdoor / cspm_evaluation_matrix
View on GitHub
Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix
☆59Sep 7, 2023Updated 2 years ago
fwiedmann / icof
View on GitHub
icof - in case of fire.
☆12Jul 23, 2022Updated 3 years ago
fepitre / debrebuild
View on GitHub
Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associ…
☆17Sep 24, 2022Updated 3 years ago
IBM / sbom-utility
View on GitHub
This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility
☆60Apr 17, 2023Updated 2 years ago
rusakovichma / TicTaaC
View on GitHub
Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …
☆68Jun 25, 2025Updated 8 months ago
ComplianceAsCode / oscal
View on GitHub
OSCAL SSP content for technologies shipped by Red Hat
☆16Mar 2, 2023Updated 2 years ago
avishayil / cf-signer
View on GitHub
Tool for signing and verifying the integrity of CloudFormation templates
☆15Feb 16, 2023Updated 3 years ago
in-toto / attestation
View on GitHub
in-toto Attestation Framework
☆326Feb 17, 2026Updated last week
bomctl / bomctl
View on GitHub
Format agnostic SBOM tooling
☆132Nov 20, 2025Updated 3 months ago
salesforce / cloud-guardrails
View on GitHub
Rapidly apply hundreds of security controls in Azure
☆183May 1, 2025Updated 9 months ago
aquasecurity / chain-bench
View on GitHub
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…
☆767Dec 11, 2024Updated last year
JosephTLucas / lintML
View on GitHub
A security-first linter for code that shouldn't need linting
☆18Sep 12, 2023Updated 2 years ago
EasyDynamics / oscal-rest-service
View on GitHub
Implementation of the OSCAL REST API
☆19Feb 23, 2024Updated 2 years ago
ovotech / cloud-key-rotator
View on GitHub
A Golang program to rotate AWS & GCP account keys
☆67May 12, 2025Updated 9 months ago
openvex / spec
View on GitHub
OpenVEX Specification
☆168Jan 16, 2026Updated last month
ossf / security-reviews
View on GitHub
A community collection of security reviews of open source software components.
☆97Feb 29, 2024Updated 2 years ago
ossf / alpha-omega
View on GitHub
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
☆113Feb 10, 2026Updated 2 weeks ago
littlecolumns / python-wrangler
View on GitHub
Clean up all those Pythons crawling around your computer
☆15Feb 2, 2023Updated 3 years ago
isovalent / eBPF-Summit-2022-CTF
View on GitHub
Capture The Flag Challenge for eBPF Summit 2022
☆19Oct 2, 2022Updated 3 years ago
iriusrisk / OpenThreatModel
View on GitHub
The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
☆181Dec 11, 2025Updated 2 months ago
wiz-sec-public / cloud-middleware-dataset
View on GitHub
☆246Jul 9, 2024Updated last year
ossf / scorecard
View on GitHub
OpenSSF Scorecard - Security health metrics for Open Source
☆5,272Feb 16, 2026Updated last week