ossf / s2c2fLinks
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆208Updated this week
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below
Sorting:
- Generate a score for your sbom to understand if it will actually be useful.☆229Updated 9 months ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆185Updated last year
- A standard API specification for exchanging supply chain artifacts and intelligence☆79Updated this week
- OpenVEX Specification☆150Updated 2 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆193Updated last month
- Enrich SBOMs with data from third party services☆173Updated last month
- Open Source Software Secure Supply Chain Framework☆235Updated 2 years ago
- ☆236Updated last week
- A reading list for software supply-chain security.☆363Updated 2 years ago
- Check SPDX SBOM for NTIA minimum elements☆62Updated last month
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆92Updated this week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆195Updated last month
- Format agnostic SBOM tooling☆106Updated this week
- ☆84Updated last week
- Software Component Verification Standard (SCVS)☆147Updated last month
- A tool to create, transform and attest VEX metadata☆138Updated last week
- Technical Advisory Council☆124Updated this week
- SBOM Assess - Evaluate SBOM quality and compliance☆211Updated this week
- A BOM repository server for distributing CycloneDX BOMs☆77Updated last year
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆172Updated 6 months ago
- Utility that provides an API platform for validating, querying and managing BOM data☆111Updated last week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆398Updated last week
- in-toto Attestation Framework☆273Updated last week
- ☆62Updated 10 months ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- Open Source Vulnerability schema.☆199Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆319Updated 2 years ago
- SBOM Edit - Conditional edits and merging of SBOMs☆69Updated this week
- Machine-readable specification for the attestation of security-relevant data.☆59Updated 3 weeks ago