GithubHelp home page GithubHelp logo

doytsujin / s2c2f Goto Github PK

View Code? Open in Web Editor NEW

This project forked from ossf/s2c2f

0.0 1.0 0.0 1.91 MB

The S2C2F SIG is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.

License: Other

s2c2f's Introduction

Secure Supply Chain Consumption Framework (S2C2F) SIG

secure package icon

The S2C2F SIG is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow. This paper is split into two parts: a solution-agonistic set of practices and a maturity model-based implementation guide. The Framework is targeted toward organizations that do software development, that take a dependency on open source software, and that seek to improve the security of their software supply chain.

Motivation

[Background / use cases of the problem to be solved]

Objective

The objective for the S2C2F SIG is to develop and continuously improve upon a guide that provides the following:

  • A high-level solution-agnostic set of practices
  • A detailed list of requirements
  • A list of real-world supply chain threats specific to OSS, and how our Framework requirements mitigates them
  • A maturity model-based implementation guide, with links to tools from across the industry
  • A process for assessing your organization’s maturity
  • A mapping of the Framework requirements to 6 other supply chain specifications

View or Download the S2C2F Specification

⭐: Click here for the PDF of the specification

:atom:: Click here to view the specification in markdown

Get Involved

Quick Start

  • Areas that need contributions
  • Build information if applicable
  • Where to file issues
  • Etc.

Meeting times

Governance

[TODO: Update this link to your specific CHARTER.md file] The CHARTER.md outlines the scope and governance of our group activities.

SIG Maintainers

SIG Collaborators

s2c2f's People

Contributors

adriandiglio avatar camaleon2016 avatar jasminewang0 avatar theheels avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.