ossf / s2c2fLinks
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆208Updated 3 weeks ago
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below
Sorting:
- OpenVEX Specification☆151Updated 2 weeks ago
- Generate a score for your sbom to understand if it will actually be useful.☆229Updated 10 months ago
- Enrich SBOMs with data from third party services☆176Updated 2 months ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆184Updated last year
- A standard API specification for exchanging supply chain artifacts and intelligence☆81Updated 2 weeks ago
- ☆237Updated this week
- Check SPDX SBOM for NTIA minimum elements☆64Updated this week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆193Updated 2 months ago
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆80Updated 7 months ago
- Utility that provides an API platform for validating, querying and managing BOM data☆113Updated 3 weeks ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆93Updated last week
- Open Source Software Secure Supply Chain Framework☆235Updated 2 years ago
- SBOM Assess - Evaluate SBOM quality and compliance☆214Updated this week
- A tool to create, transform and attest VEX metadata☆140Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆313Updated this week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆197Updated 2 months ago
- A reading list for software supply-chain security.☆363Updated 2 years ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆401Updated this week
- Technical Advisory Council☆125Updated this week
- Open Source Vulnerability schema.☆202Updated 3 weeks ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆172Updated 7 months ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.☆369Updated 6 months ago
- Format agnostic SBOM tooling☆108Updated this week
- ☆88Updated this week
- OpenSSF Working Group on Securing Software Repositories☆107Updated 3 weeks ago
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆322Updated 2 years ago
- A BOM repository server for distributing CycloneDX BOMs☆77Updated last year
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆95Updated 4 months ago
- ☆62Updated 11 months ago