ossf / s2c2fLinks
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆212Updated 2 months ago
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below
Sorting:
- Generate a score for your sbom to understand if it will actually be useful.☆232Updated last year
- Check SPDX SBOM for NTIA minimum elements☆66Updated last week
- A standard API specification for exchanging supply chain artifacts and intelligence☆83Updated last month
- OpenVEX Specification☆156Updated 2 months ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆186Updated last year
- ☆243Updated this week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆200Updated 4 months ago
- sbomqs: The Comprehensive SBOM Quality & Compliance Tool☆222Updated last week
- Enrich SBOMs with data from third party services☆188Updated this week
- A reading list for software supply-chain security.☆363Updated 2 years ago
- A tool to create, transform and attest VEX metadata☆151Updated last week
- ☆63Updated last year
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆413Updated last week
- Utility that provides an API platform for validating, querying and managing BOM data☆118Updated this week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆99Updated 2 weeks ago
- in-toto Attestation Framework☆293Updated this week
- Format agnostic SBOM tooling☆114Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆328Updated 2 years ago
- Utility that provides an API and CLI to identify licenses and legal terms☆51Updated last month
- A universal SBOM representation in protocol buffers☆296Updated this week
- ☆103Updated this week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆195Updated 3 weeks ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.☆392Updated this week
- Software Component Verification Standard (SCVS)☆149Updated 4 months ago
- ☆101Updated 10 months ago
- Open Source Software Secure Supply Chain Framework☆236Updated 2 years ago
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆167Updated this week
- sbomasm: The Complete SBOM Management Toolkit☆74Updated this week
- Visualizer for GUAC☆28Updated last week
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆94Updated last week