ossf / s2c2fLinks
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆215Updated 4 months ago
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below
Sorting:
- Generate a score for your sbom to understand if it will actually be useful.☆233Updated last year
- A standard API specification for exchanging supply chain artifacts and intelligence☆84Updated 2 weeks ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆189Updated last year
- OpenVEX Specification☆158Updated 3 months ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆203Updated 5 months ago
- Enrich SBOMs with data from third party services☆195Updated last month
- ☆246Updated 2 weeks ago
- Check SPDX SBOM for NTIA minimum elements☆71Updated last week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆104Updated 2 weeks ago
- ☆102Updated last year
- ☆65Updated last year
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆200Updated last week
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆245Updated last week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆429Updated this week
- Utility that provides an API platform for validating, querying and managing BOM data☆120Updated last week
- A tool to create, transform and attest VEX metadata☆155Updated this week
- A reading list for software supply-chain security.☆364Updated 2 years ago
- A BOM repository server for distributing CycloneDX BOMs☆81Updated 3 months ago
- Open Source Software Secure Supply Chain Framework☆236Updated 2 years ago
- ☆111Updated last week
- in-toto Attestation Framework☆298Updated 3 weeks ago
- sbomasm: The Complete SBOM Management Toolkit☆85Updated this week
- Format agnostic SBOM tooling☆115Updated last week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆332Updated 2 years ago
- Machine-readable specification for the attestation of security-relevant data.☆63Updated 2 weeks ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.☆408Updated 3 weeks ago
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles☆541Updated 4 months ago
- A universal SBOM representation in protocol buffers☆300Updated last week
- Visualizer for GUAC☆28Updated last month
- Software Component Verification Standard (SCVS)☆149Updated 6 months ago