ossf / criticality_score
Gives criticality score for an open source project
☆1,405 · Updated 6 months ago
Alternatives and similar repositories for criticality_score
Users that are interested in criticality_score are comparing it to the libraries listed below
- GitHub App to set and enforce security policies ☆1,367 · Updated last week
- Helping allocate resources to secure the critical open source projects we all depend on. ☆377 · Updated 6 months ago
- OpenSSF Scorecard - Security health metrics for Open Source ☆5,134 · Updated this week
- Supply-chain Levels for Software Artifacts ☆1,746 · Updated last week
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆908 · Updated this week
- OpenSSF Security Tooling Working Group ☆318 · Updated 4 months ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆439 · Updated this week
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… ☆945 · Updated this week
- MVG = Minimum Viable Governance ☆401 · Updated last year
- Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock… ☆1,004 · Updated last year
- 🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge) ☆1,294 · Updated this week
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆508 · Updated 11 months ago
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,417 · Updated 2 weeks ago
- Open Source Contributor Index ☆183 · Updated 8 months ago
- Software Supply Chain Transparency Log ☆1,025 · Updated this week
- Repolinter, The Open Source Repository Linter ☆460 · Updated 2 months ago
- 📖 OSPOlogy - The Study of OSPOs ☆224 · Updated last week
- The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed co… ☆223 · Updated last year
- Common go library shared across sigstore services and clients ☆490 · Updated this week
- in-toto is a framework to protect supply chain integrity. ☆957 · Updated this week
- Uncurled - everything I know and learned about running and maintaining Open Source projects for three decades. ☆882 · Updated 2 months ago
- These patterns document how to apply open source principles and practices for software development within the confines of an organization… ☆829 · Updated this week
- Scalar: A set of tools and extensions for Git to allow very large monorepos to run on Git without a virtualization layer ☆1,472 · Updated 8 months ago
- Open Source Package Analysis ☆856 · Updated 6 months ago
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… ☆374 · Updated last week
- GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests ☆329 · Updated 2 weeks ago
- Query git repositories with SQL. Generate reports, perform status checks, analyze codebases. 🔍 📊 ☆3,513 · Updated last week
- Language-agnostic SLSA provenance generation for Github Actions ☆517 · Updated 3 weeks ago
- Send Sir Perceval on a quest to retrieve and gather data from software repositories. ☆308 · Updated last week
- Helping open source program offices get started ☆711 · Updated 3 weeks ago