ossf / s2c2f
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆207Updated 3 months ago
Alternatives and similar repositories for s2c2f:
Users that are interested in s2c2f are comparing it to the libraries listed below
- A standard API specification for exchanging supply chain artifacts and intelligence☆79Updated this week
- OpenVEX Specification☆150Updated last month
- Generate a score for your sbom to understand if it will actually be useful.☆229Updated 8 months ago
- ☆235Updated last week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆181Updated last year
- Enrich SBOMs with data from third party services☆171Updated last month
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆189Updated last month
- Check SPDX SBOM for NTIA minimum elements☆61Updated last week
- Format agnostic SBOM tooling☆105Updated this week
- A reading list for software supply-chain security.☆362Updated 2 years ago
- ☆62Updated 9 months ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆193Updated 3 weeks ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆90Updated last week
- Open Source Software Secure Supply Chain Framework☆236Updated 2 years ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆77Updated 6 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆133Updated last year
- ☆82Updated this week
- A tool to create, transform and attest VEX metadata☆134Updated last week
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆172Updated 5 months ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆307Updated this week
- OpenSSF Security Tooling Working Group☆309Updated 11 months ago
- in-toto Attestation Framework☆271Updated 2 weeks ago
- Technical Advisory Council☆123Updated this week
- Visualizer for GUAC☆28Updated last month
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆316Updated 2 years ago
- Utility that provides an API platform for validating, querying and managing BOM data☆109Updated 2 weeks ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆92Updated 2 months ago
- PURL to CPE Relationship mapping project.☆87Updated this week
- Machine-readable specification for the attestation of security-relevant data.☆59Updated this week