The S2C2F Project is a group within the OpenSSF's Supply Chain Integrity Working Group, formed to further develop and continuously improve the S2C2F guide, which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆231 · May 26, 2025 · Updated 11 months ago
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below.
- Open Source Software Secure Supply Chain Framework ☆239 · Oct 28, 2022 · Updated 3 years ago
- OpenVEX Specification ☆179 · Jan 16, 2026 · Updated 4 months ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… ☆530 · Updated this week
- in-toto Attestation Framework ☆335 · Apr 28, 2026 · Updated 3 weeks ago
- Supply-chain Levels for Software Artifacts ☆1,868 · Updated this week
- Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements. ☆87 · Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,493 · Updated this week
- A place to systematically store software bill of materials (SBOM) documents. ☆50 · Jun 1, 2023 · Updated 2 years ago
- Format agnostic SBOM tooling ☆136 · Nov 20, 2025 · Updated 6 months ago
- Umbrella Repository Service for TUF ☆68 · May 14, 2026 · Updated last week
- Open Source Maturity Model ☆16 · Apr 30, 2024 · Updated 2 years ago
- in-toto is a framework to protect supply chain integrity. ☆999 · May 5, 2026 · Updated 2 weeks ago
- ☆258 · Updated this week
- A standard API specification for exchanging supply chain artifacts and intelligence ☆107 · Mar 25, 2026 · Updated last month
- A specification for signing methods and formats used by Secure Systems Lab projects. ☆101 · Nov 10, 2025 · Updated 6 months ago
- Generate a score for your sbom to understand if it will actually be useful. ☆242 · Aug 13, 2024 · Updated last year
- ☆154 · Updated this week
- Website and API for OpenSSF Scorecard ☆28 · May 12, 2026 · Updated last week
- ☆24 · Nov 8, 2024 · Updated last year
- A utility to generate SPDX-compliant Bill of Materials manifests ☆455 · May 12, 2026 · Updated last week
- Machine-readable specification for the attestation of security-relevant data. ☆75 · May 11, 2026 · Updated last week
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD … ☆193 · Updated this week
- Enrich SBOMs with data from third party services ☆227 · Updated this week
- ☆102 · Sep 27, 2024 · Updated last year
- ☆31 · May 11, 2026 · Updated last week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption ☆114 · Feb 28, 2026 · Updated 2 months ago
- Collection of tools for analyzing open source packages. ☆361 · May 1, 2026 · Updated 2 weeks ago
- OpenSSF Working Group on Securing Software Repositories ☆128 · Apr 6, 2026 · Updated last month
- Verify provenance from SLSA compliant builders ☆328 · Mar 9, 2026 · Updated 2 months ago
- automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049 ☆18 · Apr 14, 2026 · Updated last month
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… ☆1,020 · May 12, 2026 · Updated last week
- OpenSSF Scorecard - Security health metrics for Open Source ☆5,439 · May 14, 2026 · Updated last week
- SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more ☆551 · May 14, 2026 · Updated last week
- vexctl is a tool to attest VEX impact statements ☆45 · Mar 27, 2023 · Updated 3 years ago
- ☆82 · Dec 10, 2025 · Updated 5 months ago
- sigstore the hard way! ☆118 · Aug 6, 2025 · Updated 9 months ago
- 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,263 · Dec 8, 2025 · Updated 5 months ago
- nginx image demo ☆19 · Sep 11, 2023 · Updated 2 years ago
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆1,034 · Updated this week