ossf / s2c2fLinks
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆216Updated 4 months ago
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below
Sorting:
- Generate a score for your sbom to understand if it will actually be useful.☆234Updated last year
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆204Updated 6 months ago
- OpenVEX Specification☆160Updated 4 months ago
- ☆250Updated this week
- Check SPDX SBOM for NTIA minimum elements☆73Updated 2 weeks ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆189Updated last year
- Enrich SBOMs with data from third party services☆196Updated last month
- A reading list for software supply-chain security.☆365Updated 2 years ago
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆246Updated last week
- A standard API specification for exchanging supply chain artifacts and intelligence☆88Updated 2 weeks ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆104Updated last week
- ☆102Updated last year
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆201Updated 3 weeks ago
- A tool to create, transform and attest VEX metadata☆160Updated this week
- ☆67Updated last year
- Utility that provides an API platform for validating, querying and managing BOM data☆120Updated 3 weeks ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆434Updated this week
- A universal SBOM representation in protocol buffers☆301Updated 2 weeks ago
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆114Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆331Updated 2 years ago
- in-toto Attestation Framework☆301Updated this week
- Open Source Software Secure Supply Chain Framework☆236Updated 2 years ago
- Format agnostic SBOM tooling☆116Updated last week
- sbomasm: The Complete SBOM Management Toolkit☆89Updated last week
- Machine-readable specification for the attestation of security-relevant data.☆63Updated last month
- Visualizer for GUAC☆28Updated last month
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.☆416Updated last week
- ☆111Updated this week
- Technical Advisory Council☆131Updated last week
- Utility that provides an API and CLI to identify licenses and legal terms☆53Updated 3 months ago