Alternatives and similar repositories for wg-supply-chain-integrity

Users that are interested in wg-supply-chain-integrity are comparing it to the libraries listed below

• ossf / wg-metrics-and-metadata

  View on GitHub
  The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed co…
  ☆223Apr 23, 2024Updated last year
• ossf / wg-security-tooling

  View on GitHub
  OpenSSF Security Tooling Working Group
  ☆320Jul 6, 2025Updated 7 months ago
• ossf / wg-vulnerability-disclosures

  View on GitHub
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…
  ☆211Feb 4, 2026Updated last week
• ossf / wg-securing-critical-projects

  View on GitHub
  Helping allocate resources to secure the critical open source projects we all depend on.
  ☆383May 8, 2025Updated 9 months ago
• ossf / wg-best-practices-os-developers

  View on GitHub
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…
  ☆987Feb 6, 2026Updated last week
• SBOMit / specification

  View on GitHub
  ☆75Dec 10, 2025Updated 2 months ago
• ossf / wg-securing-software-repos

  View on GitHub
  OpenSSF Working Group on Securing Software Repositories
  ☆127Dec 18, 2025Updated last month
• ossf / security-reviews

  View on GitHub
  A community collection of security reviews of open source software components.
  ☆96Feb 29, 2024Updated last year
• ossf / tac

  View on GitHub
  Technical Advisory Council
  ☆134Feb 9, 2026Updated last week
• ossf / project-template

  View on GitHub
  OpenSSF Project Template
  ☆22Nov 29, 2023Updated 2 years ago
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,809Updated this week
• secure-systems-lab / dsse

  View on GitHub
  A specification for signing methods and formats used by Secure Systems Lab projects.
  ☆94Nov 10, 2025Updated 3 months ago
• buildsec / frsca

  View on GitHub
  ☆255Updated this week
• stacklok / sigstore-the-hard-way

  View on GitHub
  sigstore the hard way!
  ☆118Aug 6, 2025Updated 6 months ago
• ossf / Project-Security-Metrics

  View on GitHub
  Collect, curate, and communicate relevant security metrics for open source projects.
  ☆63Mar 13, 2024Updated last year
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆167Jan 16, 2026Updated last month
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 2 years ago
• protobom / protobom

  View on GitHub
  A universal SBOM representation in protocol buffers
  ☆315Updated this week
• testifysec / witness-examples

  View on GitHub
  Witness Examples
  ☆12Feb 27, 2024Updated last year
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,446Updated this week
• in-toto / demo

  View on GitHub
  Securing Alice's, Bob's and Carl's software supply chain using in-toto
  ☆104Updated this week
• microsoft / OSSGadget

  View on GitHub
  Collection of tools for analyzing open source packages.
  ☆357Updated this week
• rdimitrov / go-tuf-metadata

  View on GitHub
  Go implementation of The Update Framework heavily influenced by python-tuf
  ☆14Mar 7, 2024Updated last year
• fepitre / debrebuild

  View on GitHub
  Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associ…
  ☆17Sep 24, 2022Updated 3 years ago
• ietf-scitt / draft-birkholz-scitt-architecture

  View on GitHub
  A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in suppo…
  ☆14Feb 17, 2023Updated 2 years ago
• ossf / wg-endusers

  View on GitHub
  OpenSSF Endusers Working Group
  ☆28Mar 21, 2024Updated last year
• ossf / s2c2f

  View on GitHub
  The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…
  ☆227May 26, 2025Updated 8 months ago
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆972Feb 3, 2026Updated last week
• ossf / foundation

  View on GitHub
  OpenSSF Governance and Legal Docs
  ☆74Sep 9, 2025Updated 5 months ago
• Open-Source-Security-Coalition / Open-Source-Security-Coalition

  View on GitHub
  ☆41Jul 9, 2020Updated 5 years ago
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆99Jan 26, 2026Updated 3 weeks ago
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆514Updated this week
• in-toto / friends

  View on GitHub
  Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.
  ☆20Feb 9, 2026Updated last week
• sigstore / scaffolding

  View on GitHub
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
  ☆71Feb 6, 2026Updated last week
• OWASP / packman

  View on GitHub
  A documentation and tracking project with the goal of making package management systems more secure.
  ☆51Mar 5, 2021Updated 4 years ago
• OSSIndex / vulns

  View on GitHub
  Report missing advisories and corrections on OSS Index
  ☆17Jan 19, 2023Updated 3 years ago
• httplock / httplock

  View on GitHub
  An http proxy for reproducibility.
  ☆19Jan 10, 2023Updated 3 years ago
• tektoncd / chains

  View on GitHub
  Supply Chain Security in Tekton Pipelines
  ☆269Updated this week
• in-toto / attestation

  View on GitHub
  in-toto Attestation Framework
  ☆323Updated this week