ossf/wg-supply-chain-integrity external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ossf/wg-supply-chain-integrity

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ossf/wg-supply-chain-integrity)

Close

ossf / wg-supply-chain-integrityView on GitHubMore

• External links
• Readme badge

Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.

☆204Jan 15, 2026Updated 3 months ago

Alternatives and similar repositories for wg-supply-chain-integrity

Users that are interested in wg-supply-chain-integrity are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• ossf / wg-metrics-and-metadata

  View on GitHub
  The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed co…
  ☆223Apr 23, 2024Updated last year
• ossf / wg-security-tooling

  View on GitHub
  OpenSSF Security Tooling Working Group
  ☆322Jul 6, 2025Updated 9 months ago
• ossf / wg-vulnerability-disclosures

  View on GitHub
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…
  ☆216Feb 4, 2026Updated 2 months ago
• ossf / wg-securing-critical-projects

  View on GitHub
  Helping allocate resources to secure the critical open source projects we all depend on.
  ☆389May 8, 2025Updated 11 months ago
• ossf / wg-best-practices-os-developers

  View on GitHub
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…
  ☆1,008Updated this week
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• ossf / wg-securing-software-repos

  View on GitHub
  OpenSSF Working Group on Securing Software Repositories
  ☆128Apr 6, 2026Updated last week
• SBOMit / specification

  View on GitHub
  ☆80Dec 10, 2025Updated 4 months ago
• ossf / project-template

  View on GitHub
  OpenSSF Project Template
  ☆23Nov 29, 2023Updated 2 years ago
• ossf / security-reviews

  View on GitHub
  A community collection of security reviews of open source software components.
  ☆99Feb 29, 2024Updated 2 years ago
• ossf / tac

  View on GitHub
  Technical Advisory Council
  ☆140Apr 9, 2026Updated last week
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,846Updated this week
• secure-systems-lab / dsse

  View on GitHub
  A specification for signing methods and formats used by Secure Systems Lab projects.
  ☆97Nov 10, 2025Updated 5 months ago
• buildsec / frsca

  View on GitHub
  ☆256Updated this week
• ossf / foundation

  View on GitHub
  OpenSSF Governance and Legal Docs
  ☆76Sep 9, 2025Updated 7 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• stacklok / sigstore-the-hard-way

  View on GitHub
  sigstore the hard way!
  ☆118Aug 6, 2025Updated 8 months ago
• protobom / protobom

  View on GitHub
  A universal SBOM representation in protocol buffers
  ☆322Apr 6, 2026Updated last week
• slsa-framework / governance

  View on GitHub
  SLSA implementation of Community Specification governance
  ☆26Jan 15, 2026Updated 3 months ago
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,480Updated this week
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 3 years ago
• Open-Source-Security-Coalition / Open-Source-Security-Coalition

  View on GitHub
  ☆41Jul 9, 2020Updated 5 years ago
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆172Jan 16, 2026Updated 3 months ago
• httplock / httplock

  View on GitHub
  An http proxy for reproducibility.
  ☆19Jan 10, 2023Updated 3 years ago
• in-toto / ITE

  View on GitHub
  in-toto Enhancements
  ☆20Feb 17, 2025Updated last year
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• in-toto / demo

  View on GitHub
  Securing Alice's, Bob's and Carl's software supply chain using in-toto
  ☆104Feb 11, 2026Updated 2 months ago
• rdimitrov / go-tuf-metadata

  View on GitHub
  Go implementation of The Update Framework heavily influenced by python-tuf
  ☆14Mar 7, 2024Updated 2 years ago
• microsoft / OSSGadget

  View on GitHub
  Collection of tools for analyzing open source packages.
  ☆357Apr 8, 2026Updated last week
• OWASP / packman

  View on GitHub
  A documentation and tracking project with the goal of making package management systems more secure.
  ☆51Mar 5, 2021Updated 5 years ago
• testifysec / witness-examples

  View on GitHub
  Witness Examples
  ☆12Feb 27, 2024Updated 2 years ago
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆106Mar 25, 2026Updated 3 weeks ago
• fepitre / debrebuild

  View on GitHub
  Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associ…
  ☆17Sep 24, 2022Updated 3 years ago
• tektoncd / chains

  View on GitHub
  Supply Chain Security in Tekton Pipelines
  ☆270Updated this week
• ossf / OpenVEX

  View on GitHub
  Vuln Disclosure WG's new SIG
  ☆11Jan 2, 2024Updated 2 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• cabforum / code-signing

  View on GitHub
  Repository for the CA/Browser Forum Code Signing Certificate Chartered Working Group
  ☆30Jan 7, 2026Updated 3 months ago
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆994Updated this week
• AevaOnline / supply-chain-synthesis

  View on GitHub
  Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
  ☆33Apr 4, 2023Updated 3 years ago
• ietf-scitt / draft-birkholz-scitt-architecture

  View on GitHub
  A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in suppo…
  ☆14Feb 17, 2023Updated 3 years ago
• sigstore / scaffolding

  View on GitHub
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
  ☆79Apr 10, 2026Updated last week
• act-project / TAC

  View on GitHub
  Automating Compliance Tooling Project
  ☆22Jan 28, 2022Updated 4 years ago
• carletes / bazel-python-monorepo

  View on GitHub
  A sample monorepo of several Python libraries and commands, using Bazel as build system
  ☆13Oct 11, 2017Updated 8 years ago