ossf/s2c2f external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ossf/s2c2f

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ossf/s2c2f)

Close

ossf / s2c2fView on GitHubMore

• External links
• Readme badge

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.

☆232May 26, 2025Updated last year

Alternatives and similar repositories for s2c2f

Users that are interested in s2c2f are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• microsoft / oss-ssc-framework

  View on GitHub
  Open Source Software Secure Supply Chain Framework
  ☆239Oct 28, 2022Updated 3 years ago
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆182Jan 16, 2026Updated 4 months ago
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆534Jun 1, 2026Updated last week
• in-toto / attestation

  View on GitHub
  in-toto Attestation Framework
  ☆338May 18, 2026Updated 3 weeks ago
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,876Jun 3, 2026Updated last week
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• spdx / ntia-conformance-checker

  View on GitHub
  Validate SPDX 2 and 3 SBOM against NTIA, CISA, and other minimum element requirements.
  ☆89Jun 3, 2026Updated last week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,498Updated this week
• chainguard-sandbox / bom-shelter

  View on GitHub
  A place to systematically store software bill of materials (SBOM) documents.
  ☆51Jun 1, 2023Updated 3 years ago
• bomctl / bomctl

  View on GitHub
  Format agnostic SBOM tooling
  ☆137Nov 20, 2025Updated 6 months ago
• repository-service-tuf / repository-service-tuf

  View on GitHub
  Umbrella Repository Service for TUF
  ☆68Jun 3, 2026Updated last week
• finos-labs / osmm

  View on GitHub
  Open Source Maturity Model
  ☆16Apr 30, 2024Updated 2 years ago
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆1,003Jun 3, 2026Updated last week
• buildsec / frsca

  View on GitHub
  ☆258Updated this week
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆108May 20, 2026Updated 3 weeks ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• secure-systems-lab / dsse

  View on GitHub
  A specification for signing methods and formats used by Secure Systems Lab projects.
  ☆102Nov 10, 2025Updated 7 months ago
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆243Aug 13, 2024Updated last year
• ossf / security-baseline

  View on GitHub
  ☆156Jun 3, 2026Updated last week
• ossf / scorecard-webapp

  View on GitHub
  Website and API for OpenSSF Scorecard
  ☆28Jun 3, 2026Updated last week
• OpenChain-Project / Security-Assurance-Specification

  View on GitHub
  ☆25Nov 8, 2024Updated last year
• kubernetes-sigs / bom

  View on GitHub
  A utility to generate SPDX-compliant Bill of Materials manifests
  ☆456Jun 3, 2026Updated last week
• ossf / security-insights

  View on GitHub
  Machine-readable specification for the attestation of security-relevant data.
  ☆75May 11, 2026Updated last month
• oracle / macaron

  View on GitHub
  Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …
  ☆197May 28, 2026Updated last week
• snyk / parlay

  View on GitHub
  Enrich SBOMs with data from third party services
  ☆227May 18, 2026Updated 3 weeks ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• nyph-infosec / daggerboard

  View on GitHub
  ☆102Sep 27, 2024Updated last year
• ossf / ossf-landscape

  View on GitHub
  ☆31Updated this week
• ossf / sbom-everywhere

  View on GitHub
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
  ☆114Feb 28, 2026Updated 3 months ago
• microsoft / OSSGadget

  View on GitHub
  Collection of tools for analyzing open source packages.
  ☆364Updated this week
• ossf / wg-securing-software-repos

  View on GitHub
  OpenSSF Working Group on Securing Software Repositories
  ☆128Apr 6, 2026Updated 2 months ago
• slsa-framework / slsa-verifier

  View on GitHub
  Verify provenance from SLSA compliant builders
  ☆331Mar 9, 2026Updated 3 months ago
• chains-project / dirty-waters

  View on GitHub
  automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
  ☆19Apr 14, 2026Updated last month
• ossf / wg-best-practices-os-developers

  View on GitHub
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…
  ☆1,031May 20, 2026Updated 3 weeks ago
• ossf / scorecard

  View on GitHub
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,487Jun 2, 2026Updated last week
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• chainloop-dev / chainloop

  View on GitHub
  SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
  ☆554Updated this week
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 3 years ago
• SBOMit / specification

  View on GitHub
  ☆83Dec 10, 2025Updated 6 months ago
• stacklok / sigstore-the-hard-way

  View on GitHub
  sigstore the hard way!
  ☆120May 29, 2026Updated last week
• cncf / tag-security

  View on GitHub
  🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
  ☆2,263Dec 8, 2025Updated 6 months ago
• chainguard-dev / nginx-image-demo

  View on GitHub
  nginx image demo
  ☆19Sep 11, 2023Updated 2 years ago
• package-url / purl-spec

  View on GitHub
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
  ☆1,049Updated this week