ossf / s2c2f
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group, formed to further develop and continuously improve the S2C2F guide, which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆190 Updated 2 months ago
Related projects
Alternatives and complementary repositories for s2c2f
- Generate a score for your sbom to understand if it will actually be useful. ☆221 Updated 3 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence ☆59 Updated this week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc) ☆181 Updated last week
- OpenVEX Specification ☆132 Updated 4 months ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the … ☆177 Updated 9 months ago
- Format agnostic SBOM tooling ☆82 Updated this week
- Open Source Software Secure Supply Chain Framework ☆235 Updated 2 years ago
- SBOM quality score - Quality metrics for your sboms ☆186 Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source ☆291 Updated last year
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆72 Updated last month
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h… ☆180 Updated last week
- Enrich SBOMs with data from third party services ☆120 Updated this week
- Check SPDX SBOM for NTIA minimum elements ☆53 Updated last week
- A reading list for software supply-chain security. ☆361 Updated 2 years ago
- Open Source Vulnerability schema. ☆186 Updated this week
- A tool to create, transform and attest VEX metadata ☆119 Updated this week
- in-toto Attestation Framework ☆249 Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆255 Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆365 Updated this week
- Software Component Verification Standard (SCVS) ☆135 Updated 7 months ago
- A BOM repository server for distributing CycloneDX BOMs ☆74 Updated 8 months ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆314 Updated 3 weeks ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way. ☆32 Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆61 Updated last year
- Utility that provides an API platform for validating, querying and managing BOM data ☆95 Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆126 Updated 9 months ago
- Visualizer for GUAC ☆26 Updated 3 weeks ago
- GitHub Action for creating software bill of materials using Syft. ☆168 Updated this week