ossf/wg-supply-chain-integrity external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ossf/wg-supply-chain-integrity

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ossf/wg-supply-chain-integrity)

Close

ossf / wg-supply-chain-integrityView on GitHubMore

• External links
• Readme badge

Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.

☆206Jan 15, 2026Updated 3 months ago

Alternatives and similar repositories for wg-supply-chain-integrity

Users that are interested in wg-supply-chain-integrity are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• ossf / wg-metrics-and-metadata

  View on GitHub
  The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed co…
  ☆223Apr 23, 2024Updated 2 years ago
• ossf / wg-security-tooling

  View on GitHub
  OpenSSF Security Tooling Working Group
  ☆322Jul 6, 2025Updated 10 months ago
• ossf / wg-vulnerability-disclosures

  View on GitHub
  The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…
  ☆218Feb 4, 2026Updated 3 months ago
• ossf / wg-securing-critical-projects

  View on GitHub
  Helping allocate resources to secure the critical open source projects we all depend on.
  ☆391May 8, 2025Updated last year
• ossf / wg-best-practices-os-developers

  View on GitHub
  The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…
  ☆1,011Apr 24, 2026Updated 2 weeks ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• ossf / wg-securing-software-repos

  View on GitHub
  OpenSSF Working Group on Securing Software Repositories
  ☆127Apr 6, 2026Updated last month
• SBOMit / specification

  View on GitHub
  ☆81Dec 10, 2025Updated 4 months ago
• ossf / project-template

  View on GitHub
  OpenSSF Project Template
  ☆22Nov 29, 2023Updated 2 years ago
• ossf / security-reviews

  View on GitHub
  A community collection of security reviews of open source software components.
  ☆99Feb 29, 2024Updated 2 years ago
• ossf / tac

  View on GitHub
  Technical Advisory Council
  ☆143Apr 28, 2026Updated last week
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,858Apr 25, 2026Updated 2 weeks ago
• secure-systems-lab / dsse

  View on GitHub
  A specification for signing methods and formats used by Secure Systems Lab projects.
  ☆98Nov 10, 2025Updated 5 months ago
• buildsec / frsca

  View on GitHub
  ☆257Updated this week
• ossf / foundation

  View on GitHub
  OpenSSF Governance and Legal Docs
  ☆75Sep 9, 2025Updated 8 months ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• protobom / protobom

  View on GitHub
  A universal SBOM representation in protocol buffers
  ☆323Apr 26, 2026Updated 2 weeks ago
• stacklok / sigstore-the-hard-way

  View on GitHub
  sigstore the hard way!
  ☆118Aug 6, 2025Updated 9 months ago
• slsa-framework / governance

  View on GitHub
  SLSA implementation of Community Specification governance
  ☆26Jan 15, 2026Updated 3 months ago
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,485Updated this week
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 3 years ago
• Open-Source-Security-Coalition / Open-Source-Security-Coalition

  View on GitHub
  ☆41Jul 9, 2020Updated 5 years ago
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆175Jan 16, 2026Updated 3 months ago
• httplock / httplock

  View on GitHub
  An http proxy for reproducibility.
  ☆19Jan 10, 2023Updated 3 years ago
• in-toto / ITE

  View on GitHub
  in-toto Enhancements
  ☆20Feb 17, 2025Updated last year
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• in-toto / demo

  View on GitHub
  Securing Alice's, Bob's and Carl's software supply chain using in-toto
  ☆104Feb 11, 2026Updated 2 months ago
• rdimitrov / go-tuf-metadata

  View on GitHub
  Go implementation of The Update Framework heavily influenced by python-tuf
  ☆14Mar 7, 2024Updated 2 years ago
• microsoft / OSSGadget

  View on GitHub
  Collection of tools for analyzing open source packages.
  ☆360May 1, 2026Updated last week
• OWASP / packman

  View on GitHub
  A documentation and tracking project with the goal of making package management systems more secure.
  ☆51Mar 5, 2021Updated 5 years ago
• testifysec / witness-examples

  View on GitHub
  Witness Examples
  ☆12Feb 27, 2024Updated 2 years ago
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆107Mar 25, 2026Updated last month
• fepitre / debrebuild

  View on GitHub
  Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associ…
  ☆17Sep 24, 2022Updated 3 years ago
• tektoncd / chains

  View on GitHub
  Supply Chain Security in Tekton Pipelines
  ☆271Updated this week
• ossf / OpenVEX

  View on GitHub
  Vuln Disclosure WG's new SIG
  ☆11Jan 2, 2024Updated 2 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• cabforum / code-signing

  View on GitHub
  Repository for the CA/Browser Forum Code Signing Certificate Chartered Working Group
  ☆31Jan 7, 2026Updated 4 months ago
• in-toto / in-toto

  View on GitHub
  in-toto is a framework to protect supply chain integrity.
  ☆1,002Updated this week
• AevaOnline / supply-chain-synthesis

  View on GitHub
  Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
  ☆33Apr 4, 2023Updated 3 years ago
• ietf-scitt / draft-birkholz-scitt-architecture

  View on GitHub
  A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in suppo…
  ☆14Feb 17, 2023Updated 3 years ago
• sigstore / scaffolding

  View on GitHub
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
  ☆81May 1, 2026Updated last week
• act-project / TAC

  View on GitHub
  Automating Compliance Tooling Project
  ☆24Jan 28, 2022Updated 4 years ago
• in-toto / friends

  View on GitHub
  Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.
  ☆21Apr 6, 2026Updated last month