ossf / wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
☆222Updated 9 months ago
Alternatives and similar repositories for wg-metrics-and-metadata:
Users that are interested in wg-metrics-and-metadata are comparing it to the libraries listed below
- OpenSSF Security Tooling Working Group☆306Updated 9 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆183Updated this week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆178Updated last year
- Technical Advisory Council☆116Updated this week
- Helping allocate resources to secure the critical open source projects we all depend on.☆339Updated 4 months ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated 11 months ago
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆197Updated 3 weeks ago
- Software Component Verification Standard (SCVS)☆140Updated 10 months ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆193Updated 2 months ago
- OpenVEX Specification☆141Updated 7 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆72Updated last week
- OpenSSF Governance and Legal Docs☆71Updated last month
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆119Updated last month
- OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…☆159Updated this week
- OpenSSF Working Group on Securing Software Repositories☆98Updated 3 months ago
- Generate a score for your sbom to understand if it will actually be useful.☆225Updated 6 months ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆78Updated last week
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆188Updated 2 months ago
- A community collection of security reviews of open source software components.☆93Updated 11 months ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆382Updated this week
- A reading list for software supply-chain security.☆361Updated 2 years ago
- ☆100Updated 4 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆83Updated this week
- Enrich SBOMs with data from third party services☆158Updated last week
- Check SPDX SBOM for NTIA minimum elements☆59Updated 2 weeks ago
- ☆231Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆289Updated this week
- This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.☆137Updated 2 years ago
- Open Source Vulnerability schema.☆191Updated last week
- Open Source Software Secure Supply Chain Framework☆234Updated 2 years ago