The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆236 · May 26, 2025 · Updated last year
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below.
- Open Source Software Secure Supply Chain Framework ☆239 · Oct 28, 2022 · Updated 3 years ago
- OpenVEX Specification ☆185 · Jan 16, 2026 · Updated 5 months ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… ☆534 · Jun 22, 2026 · Updated last week
- in-toto Attestation Framework ☆342 · Jun 22, 2026 · Updated last week
- Supply-chain Levels for Software Artifacts ☆1,883 · Jun 23, 2026 · Updated last week
- Validate SPDX 2 and 3 SBOM against NTIA, CISA, and other minimum element requirements. ☆89 · Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,511 · Jun 23, 2026 · Updated last week
- A place to systematically store software bill of materials (SBOM) documents. ☆51 · Jun 1, 2023 · Updated 3 years ago
- Format agnostic SBOM tooling ☆140 · Nov 20, 2025 · Updated 7 months ago
- Umbrella Repository Service for TUF ☆67 · Jun 23, 2026 · Updated last week
- Open Source Maturity Model ☆17 · Apr 30, 2024 · Updated 2 years ago
- in-toto is a framework to protect supply chain integrity. ☆1,014 · Jun 20, 2026 · Updated last week
- ☆259 · Jun 22, 2026 · Updated last week
- A standard API specification for exchanging supply chain artifacts and intelligence ☆108 · May 20, 2026 · Updated last month
- A specification for signing methods and formats used by Secure Systems Lab projects. ☆102 · Nov 10, 2025 · Updated 7 months ago
- Generate a score for your sbom to understand if it will actually be useful. ☆240 · Aug 13, 2024 · Updated last year
- ☆156 · Updated this week
- Website and API for OpenSSF Scorecard ☆28 · Updated this week
- ☆25 · Nov 8, 2024 · Updated last year
- A utility to generate SPDX-compliant Bill of Materials manifests ☆459 · Updated this week
- Machine-readable specification for the attestation of security-relevant data. ☆76 · Jun 23, 2026 · Updated last week
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD … ☆207 · Jun 22, 2026 · Updated last week
- Enrich SBOMs with data from third party services ☆230 · May 18, 2026 · Updated last month
- ☆102 · Sep 27, 2024 · Updated last year
- ☆31 · Jun 23, 2026 · Updated last week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆116 · Feb 28, 2026 · Updated 4 months ago
- Collection of tools for analyzing open source packages. ☆364 · Jun 15, 2026 · Updated 2 weeks ago
- OpenSSF Working Group on Securing Software Repositories ☆129 · Apr 6, 2026 · Updated 2 months ago
- Verify provenance from SLSA compliant builders ☆333 · Mar 9, 2026 · Updated 3 months ago
- Automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049 ☆19 · Apr 14, 2026 · Updated 2 months ago
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… ☆1,039 · Jun 17, 2026 · Updated 2 weeks ago
- OpenSSF Scorecard - Security health metrics for Open Source ☆5,548 · Updated this week
- SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more ☆558 · Updated this week
- vexctl is a tool to attest VEX impact statements ☆45 · Mar 27, 2023 · Updated 3 years ago
- ☆84 · Dec 10, 2025 · Updated 6 months ago
- sigstore the hard way! ☆120 · May 29, 2026 · Updated last month
- 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,264 · Dec 8, 2025 · Updated 6 months ago
- nginx image demo ☆19 · Sep 11, 2023 · Updated 2 years ago
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆1,058 · Updated this week