The S2C2F Project is a group within the OpenSSF's Supply Chain Integrity Working Group, formed to further develop and continuously improve the S2C2F guide, which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
☆227 · May 26, 2025 · Updated 9 months ago
Alternatives and similar repositories for s2c2f
Users that are interested in s2c2f are comparing it to the libraries listed below
- in-toto Attestation Framework ☆326 · Feb 17, 2026 · Updated last week
- OpenVEX Specification ☆168 · Jan 16, 2026 · Updated last month
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… ☆517 · Updated this week
- Supply-chain Levels for Software Artifacts ☆1,814 · Feb 20, 2026 · Updated last week
- A place to systematically store software bill of materials (SBOM) documents. ☆50 · Jun 1, 2023 · Updated 2 years ago
- Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements. ☆81 · Feb 20, 2026 · Updated last week
- Open Source Software Secure Supply Chain Framework ☆239 · Oct 28, 2022 · Updated 3 years ago
- ☆255 · Updated this week
- A specification for signing methods and formats used by Secure Systems Lab projects. ☆94 · Nov 10, 2025 · Updated 3 months ago
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,450 · Updated this week
- Umbrella Repository Service for TUF ☆60 · Updated this week
- Generate a score for your sbom to understand if it will actually be useful. ☆238 · Aug 13, 2024 · Updated last year
- in-toto is a framework to protect supply chain integrity. ☆976 · Feb 11, 2026 · Updated 2 weeks ago
- Open Source Maturity Model ☆16 · Apr 30, 2024 · Updated last year
- A standard API specification for exchanging supply chain artifacts and intelligence ☆100 · Feb 20, 2026 · Updated last week
- Format agnostic SBOM tooling ☆132 · Nov 20, 2025 · Updated 3 months ago
- Website and API for OpenSSF Scorecard ☆28 · Feb 20, 2026 · Updated last week
- ☆31 · Updated this week
- A utility to generate SPDX-compliant Bill of Materials manifests ☆443 · Updated this week
- ☆141 · Updated this week
- Implementation of the OSCAL REST API ☆19 · Feb 23, 2024 · Updated 2 years ago
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD … ☆187 · Updated this week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing. ☆73 · Feb 23, 2026 · Updated last week
- OpenSSF Working Group on Securing Software Repositories ☆128 · Dec 18, 2025 · Updated 2 months ago
- Verify provenance from SLSA compliant builders ☆310 · Nov 20, 2025 · Updated 3 months ago
- nginx image demo ☆19 · Sep 11, 2023 · Updated 2 years ago
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope… ☆992 · Updated this week
- vexctl is a tool to attest VEX impact statements ☆45 · Mar 27, 2023 · Updated 2 years ago
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp… ☆158 · Feb 16, 2026 · Updated last week
- SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more ☆529 · Updated this week
- ☆76 · Dec 10, 2025 · Updated 2 months ago
- ☆25 · Nov 8, 2024 · Updated last year
- 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,256 · Dec 8, 2025 · Updated 2 months ago
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security ☆149 · Dec 19, 2025 · Updated 2 months ago
- Search Rekor for entries ☆39 · Updated this week
- ☆102 · Sep 27, 2024 · Updated last year
- Enrich SBOMs with data from third party services ☆220 · Feb 11, 2026 · Updated 2 weeks ago
- Software Supply Chain Security Platform ☆375 · Feb 23, 2026 · Updated last week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the … ☆197 · Jan 15, 2026 · Updated last month