The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆227 · May 26, 2025 · updated 9 months ago
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below
- OpenVEX Specification (☆169 · Jan 16, 2026 · updated 2 months ago)
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… (☆519 · updated this week)
- in-toto Attestation Framework (☆328 · updated this week)
- Supply-chain Levels for Software Artifacts (☆1,823 · Mar 11, 2026 · updated last week)
- Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements. (☆82 · Mar 13, 2026 · updated last week)
- GUAC aggregates software security metadata into a high fidelity graph database. (☆1,454 · updated this week)
- A place to systematically store software bill of materials (SBOM) documents. (☆50 · Jun 1, 2023 · updated 2 years ago)
- Umbrella Repository Service for TUF (☆62 · Feb 23, 2026 · updated 3 weeks ago)
- Open Source Maturity Model (☆16 · Apr 30, 2024 · updated last year)
- in-toto is a framework to protect supply chain integrity. (☆982 · updated this week)
- (no description) (☆255 · updated this week)
- Format agnostic SBOM tooling (☆133 · Nov 20, 2025 · updated 4 months ago)
- A standard API specification for exchanging supply chain artifacts and intelligence (☆103 · Mar 13, 2026 · updated last week)
- A specification for signing methods and formats used by Secure Systems Lab projects. (☆94 · Nov 10, 2025 · updated 4 months ago)
- Generate a score for your SBOM to understand if it will actually be useful. (☆239 · Aug 13, 2024 · updated last year)
- (no description) (☆147 · updated this week)
- Website and API for OpenSSF Scorecard (☆28 · updated this week)
- (no description) (☆25 · Nov 8, 2024 · updated last year)
- A utility to generate SPDX-compliant Bill of Materials manifests (☆446 · updated this week)
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD … (☆189 · updated this week)
- Enrich SBOMs with data from third party services (☆221 · Feb 11, 2026 · updated last month)
- (no description) (☆102 · Sep 27, 2024 · updated last year)
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption (☆111 · Feb 28, 2026 · updated 3 weeks ago)
- (no description) (☆31 · updated this week)
- Collection of tools for analyzing open source packages. (☆358 · Mar 9, 2026 · updated last week)
- OpenSSF Working Group on Securing Software Repositories (☆128 · Dec 18, 2025 · updated 3 months ago)
- Verify provenance from SLSA compliant builders (☆313 · Mar 9, 2026 · updated last week)
- Automatically detect software supply chain smells and issues, http://arxiv.org/pdf/2410.16049 (☆18 · Mar 13, 2026 · updated last week)
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… (☆999 · updated this week)
- OpenSSF Scorecard - Security health metrics for Open Source (☆5,315 · updated this week)
- SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more (☆537 · updated this week)
- vexctl is a tool to attest VEX impact statements (☆45 · Mar 27, 2023 · updated 2 years ago)
- (no description) (☆76 · Dec 10, 2025 · updated 3 months ago)
- sigstore the hard way! (☆118 · Aug 6, 2025 · updated 7 months ago)
- Machine-readable specification for the attestation of security-relevant data. (☆73 · Feb 24, 2026 · updated 3 weeks ago)
- 🔐 CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! (☆2,258 · Dec 8, 2025 · updated 3 months ago)
- nginx image demo (☆19 · Sep 11, 2023 · updated 2 years ago)
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing. (☆75 · Mar 13, 2026 · updated last week)
- A minimal specification for purl, aka a package "mostly universal" URL; join the discussion at https://gitter.im/package-url/Lobby (☆998 · updated this week)