ossf/s2c2f external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ossf/s2c2f

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ossf/s2c2f)

Close

ossf / s2c2fView on GitHubMore

• External links
• Readme badge

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.

☆229May 26, 2025Updated 10 months ago

Alternatives and similar repositories for s2c2f

Users that are interested in s2c2f are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• microsoft / oss-ssc-framework

  View on GitHub
  Open Source Software Secure Supply Chain Framework
  ☆239Oct 28, 2022Updated 3 years ago
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆172Jan 16, 2026Updated 2 months ago
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆522Updated this week
• in-toto / attestation

  View on GitHub
  in-toto Attestation Framework
  ☆328Updated this week
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,839Apr 4, 2026Updated last week
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• spdx / ntia-conformance-checker

  View on GitHub
  Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.
  ☆85Mar 30, 2026Updated last week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,472Updated this week
• chainguard-sandbox / bom-shelter

  View on GitHub
  A place to systematically store software bill of materials (SBOM) documents.
  ☆50Jun 1, 2023Updated 2 years ago
• bomctl / bomctl

  View on GitHub
  Format agnostic SBOM tooling
  ☆136Nov 20, 2025Updated 4 months ago
• repository-service-tuf / repository-service-tuf

  View on GitHub
  Umbrella Repository Service for TUF
  ☆65Updated this week
• finos-labs / osmm

  View on GitHub
  Open Source Maturity Model
  ☆16Apr 30, 2024Updated last year
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆990Updated this week
• buildsec / frsca

  View on GitHub
  ☆256Mar 31, 2026Updated last week
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆106Mar 25, 2026Updated 2 weeks ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• secure-systems-lab / dsse

  View on GitHub
  A specification for signing methods and formats used by Secure Systems Lab projects.
  ☆96Nov 10, 2025Updated 5 months ago
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆240Aug 13, 2024Updated last year
• ossf / security-baseline

  View on GitHub
  ☆149Updated this week
• ossf / scorecard-webapp

  View on GitHub
  Website and API for OpenSSF Scorecard
  ☆28Apr 3, 2026Updated last week
• OpenChain-Project / Security-Assurance-Specification

  View on GitHub
  ☆25Nov 8, 2024Updated last year
• kubernetes-sigs / bom

  View on GitHub
  A utility to generate SPDX-compliant Bill of Materials manifests
  ☆451Apr 3, 2026Updated last week
• oracle / macaron

  View on GitHub
  Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …
  ☆190Updated this week
• snyk / parlay

  View on GitHub
  Enrich SBOMs with data from third party services
  ☆224Updated this week
• nyph-infosec / daggerboard

  View on GitHub
  ☆102Sep 27, 2024Updated last year
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• ossf / ossf-landscape

  View on GitHub
  ☆31Apr 1, 2026Updated last week
• ossf / sbom-everywhere

  View on GitHub
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
  ☆112Feb 28, 2026Updated last month
• microsoft / OSSGadget

  View on GitHub
  Collection of tools for analyzing open source packages.
  ☆357Mar 9, 2026Updated last month
• ossf / wg-securing-software-repos

  View on GitHub
  OpenSSF Working Group on Securing Software Repositories
  ☆128Dec 18, 2025Updated 3 months ago
• slsa-framework / slsa-verifier

  View on GitHub
  Verify provenance from SLSA compliant builders
  ☆319Mar 9, 2026Updated last month
• chains-project / dirty-waters

  View on GitHub
  automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
  ☆18Mar 13, 2026Updated 3 weeks ago
• ossf / wg-best-practices-os-developers

  View on GitHub
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…
  ☆1,005Apr 3, 2026Updated last week
• ossf / scorecard

  View on GitHub
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,363Updated this week
• chainloop-dev / chainloop

  View on GitHub
  SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
  ☆542Apr 3, 2026Updated last week
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 3 years ago
• SBOMit / specification

  View on GitHub
  ☆80Dec 10, 2025Updated 4 months ago
• stacklok / sigstore-the-hard-way

  View on GitHub
  sigstore the hard way!
  ☆118Aug 6, 2025Updated 8 months ago
• ossf / security-insights

  View on GitHub
  Machine-readable specification for the attestation of security-relevant data.
  ☆73Mar 19, 2026Updated 3 weeks ago
• cncf / tag-security

  View on GitHub
  🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
  ☆2,260Dec 8, 2025Updated 4 months ago
• chainguard-dev / nginx-image-demo

  View on GitHub
  nginx image demo
  ☆19Sep 11, 2023Updated 2 years ago
• package-url / purl-spec

  View on GitHub
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
  ☆1,007Updated this week