ossf / wg-metrics-and-metadataLinks
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
☆222Updated last year
Alternatives and similar repositories for wg-metrics-and-metadata
Users that are interested in wg-metrics-and-metadata are comparing it to the libraries listed below
Sorting:
- OpenSSF Security Tooling Working Group☆311Updated last week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆191Updated 3 months ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆185Updated last year
- Helping allocate resources to secure the critical open source projects we all depend on.☆358Updated 2 months ago
- Technical Advisory Council☆127Updated 2 weeks ago
- Software Component Verification Standard (SCVS)☆148Updated 3 months ago
- OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…☆175Updated this week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆196Updated 3 months ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆197Updated last month
- OpenSSF Working Group on Securing Software Repositories☆110Updated last month
- ☆116Updated this week
- Open Source Vulnerability schema.☆204Updated this week
- threatspec - continuous threat modeling, through code☆361Updated 4 years ago
- A community collection of security reviews of open source software components.☆95Updated last year
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆122Updated 5 months ago
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆210Updated last month
- OpenVEX Specification☆155Updated last month
- Generate a score for your sbom to understand if it will actually be useful.☆230Updated 11 months ago
- OpenSSF Governance and Legal Docs☆72Updated 2 months ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆403Updated this week
- ☆100Updated 9 months ago
- App that simplifies building decision trees to model adverse scenarios☆215Updated last year
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆95Updated last week
- A reading list for software supply-chain security.☆363Updated 2 years ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆172Updated 7 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆83Updated 2 weeks ago
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆325Updated 2 years ago
- Open Source Software Secure Supply Chain Framework☆236Updated 2 years ago
- Feed parsing for language package manager updates☆79Updated 7 months ago