ossf/s2c2f external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ossf/s2c2f

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ossf/s2c2f)

Close

ossf / s2c2fView on GitHubMore

• External links
• Readme badge

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.

☆230May 26, 2025Updated 11 months ago

Alternatives and similar repositories for s2c2f

Users that are interested in s2c2f are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• microsoft / oss-ssc-framework

  View on GitHub
  Open Source Software Secure Supply Chain Framework
  ☆239Oct 28, 2022Updated 3 years ago
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆173Jan 16, 2026Updated 3 months ago
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆523Updated this week
• in-toto / attestation

  View on GitHub
  in-toto Attestation Framework
  ☆333Updated this week
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,852Updated this week
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• spdx / ntia-conformance-checker

  View on GitHub
  Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.
  ☆86Apr 20, 2026Updated last week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,481Updated this week
• chainguard-sandbox / bom-shelter

  View on GitHub
  A place to systematically store software bill of materials (SBOM) documents.
  ☆50Jun 1, 2023Updated 2 years ago
• bomctl / bomctl

  View on GitHub
  Format agnostic SBOM tooling
  ☆137Nov 20, 2025Updated 5 months ago
• repository-service-tuf / repository-service-tuf

  View on GitHub
  Umbrella Repository Service for TUF
  ☆67Apr 17, 2026Updated 2 weeks ago
• finos-labs / osmm

  View on GitHub
  Open Source Maturity Model
  ☆16Apr 30, 2024Updated 2 years ago
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆999Apr 22, 2026Updated last week
• buildsec / frsca

  View on GitHub
  ☆257Apr 20, 2026Updated last week
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆106Mar 25, 2026Updated last month
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• secure-systems-lab / dsse

  View on GitHub
  A specification for signing methods and formats used by Secure Systems Lab projects.
  ☆98Nov 10, 2025Updated 5 months ago
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆242Aug 13, 2024Updated last year
• ossf / security-baseline

  View on GitHub
  ☆153Updated this week
• ossf / scorecard-webapp

  View on GitHub
  Website and API for OpenSSF Scorecard
  ☆28Apr 20, 2026Updated last week
• OpenChain-Project / Security-Assurance-Specification

  View on GitHub
  ☆24Nov 8, 2024Updated last year
• kubernetes-sigs / bom

  View on GitHub
  A utility to generate SPDX-compliant Bill of Materials manifests
  ☆453Apr 23, 2026Updated last week
• ossf / security-insights

  View on GitHub
  Machine-readable specification for the attestation of security-relevant data.
  ☆75Apr 17, 2026Updated 2 weeks ago
• oracle / macaron

  View on GitHub
  Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …
  ☆192Updated this week
• snyk / parlay

  View on GitHub
  Enrich SBOMs with data from third party services
  ☆224Apr 9, 2026Updated 3 weeks ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• nyph-infosec / daggerboard

  View on GitHub
  ☆102Sep 27, 2024Updated last year
• ossf / ossf-landscape

  View on GitHub
  ☆31Updated this week
• ossf / sbom-everywhere

  View on GitHub
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
  ☆113Feb 28, 2026Updated 2 months ago
• microsoft / OSSGadget

  View on GitHub
  Collection of tools for analyzing open source packages.
  ☆360Apr 8, 2026Updated 3 weeks ago
• ossf / wg-securing-software-repos

  View on GitHub
  OpenSSF Working Group on Securing Software Repositories
  ☆127Apr 6, 2026Updated 3 weeks ago
• slsa-framework / slsa-verifier

  View on GitHub
  Verify provenance from SLSA compliant builders
  ☆321Mar 9, 2026Updated last month
• chains-project / dirty-waters

  View on GitHub
  automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
  ☆18Apr 14, 2026Updated 2 weeks ago
• ossf / wg-best-practices-os-developers

  View on GitHub
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…
  ☆1,010Apr 24, 2026Updated last week
• ossf / scorecard

  View on GitHub
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,400Apr 23, 2026Updated last week
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• chainloop-dev / chainloop

  View on GitHub
  SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
  ☆547Apr 24, 2026Updated last week
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 3 years ago
• SBOMit / specification

  View on GitHub
  ☆81Dec 10, 2025Updated 4 months ago
• stacklok / sigstore-the-hard-way

  View on GitHub
  sigstore the hard way!
  ☆118Aug 6, 2025Updated 8 months ago
• cncf / tag-security

  View on GitHub
  🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
  ☆2,266Dec 8, 2025Updated 4 months ago
• chainguard-dev / nginx-image-demo

  View on GitHub
  nginx image demo
  ☆19Sep 11, 2023Updated 2 years ago
• package-url / purl-spec

  View on GitHub
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
  ☆1,020Apr 8, 2026Updated 3 weeks ago