ossf / s2c2f
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆206Updated 2 months ago
Alternatives and similar repositories for s2c2f:
Users that are interested in s2c2f are comparing it to the libraries listed below
- Generate a score for your sbom to understand if it will actually be useful.☆228Updated 8 months ago
- ☆234Updated last week
- A standard API specification for exchanging supply chain artifacts and intelligence☆76Updated last month
- OpenVEX Specification☆144Updated 2 weeks ago
- Open Source Software Secure Supply Chain Framework☆236Updated 2 years ago
- Technical Advisory Council☆121Updated this week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆180Updated last year
- Enrich SBOMs with data from third party services☆165Updated 2 weeks ago
- Utility that provides an API platform for validating, querying and managing BOM data☆106Updated this week
- Check SPDX SBOM for NTIA minimum elements☆62Updated 2 weeks ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆187Updated 2 weeks ago
- ☆100Updated 6 months ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆193Updated this week
- Visualizer for GUAC☆28Updated last month
- A reading list for software supply-chain security.☆362Updated 2 years ago
- A tool to create, transform and attest VEX metadata☆134Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆132Updated last year
- A BOM repository server for distributing CycloneDX BOMs☆77Updated last year
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆314Updated last year
- Format agnostic SBOM tooling☆105Updated this week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- PURL to CPE Relationship mapping project.☆86Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- SBOM quality score - Quality metrics for your sboms☆205Updated last week
- SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.☆69Updated this week
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆171Updated 4 months ago
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆74Updated 5 months ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.☆350Updated 4 months ago
- ☆62Updated 9 months ago
- A universal SBOM representation in protocol buffers☆281Updated last week