ossf / s2c2fLinks
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆210Updated 2 months ago
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below
Sorting:
- Generate a score for your sbom to understand if it will actually be useful.☆230Updated 11 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆83Updated last month
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆185Updated last year
- OpenVEX Specification☆155Updated last month
- SBOM Assess - Evaluate SBOM quality and compliance☆220Updated last week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆198Updated 3 months ago
- Check SPDX SBOM for NTIA minimum elements☆66Updated this week
- ☆241Updated last week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆194Updated last week
- A reading list for software supply-chain security.☆363Updated 2 years ago
- ☆98Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆405Updated last week
- A tool to create, transform and attest VEX metadata☆148Updated 2 weeks ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆96Updated last week
- ☆100Updated 10 months ago
- Support CI generation of SBOMs via golang tooling.☆425Updated 6 months ago
- Enrich SBOMs with data from third party services☆181Updated last week
- Utility that provides an API platform for validating, querying and managing BOM data☆117Updated this week
- Machine-readable specification for the attestation of security-relevant data.☆60Updated 2 weeks ago
- ☆62Updated last year
- Format agnostic SBOM tooling☆112Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆325Updated 2 years ago
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆97Updated 3 weeks ago
- in-toto Attestation Framework☆284Updated last month
- PURL to CPE Relationship mapping project.☆91Updated this week
- Technical Advisory Council☆128Updated this week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.☆384Updated last week
- Software Component Verification Standard (SCVS)☆149Updated 4 months ago
- Visualizer for GUAC☆28Updated last week
- A universal SBOM representation in protocol buffers☆296Updated 2 weeks ago