Confidential Consortium Framework

Supply Chain Integrity Transparency and Trust ledger application using Confidential Consortium Framework (CCF)

OASIS OSIM TC: Working directory for OSIM TC

A standard API specification for exchanging supply chain artifacts and intelligence

Potential WG on Artificial Intelligence and Machine Learning (AI/ML)

Source code of https://whatsrc.org/

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

A universal SBOM representation in protocol buffers

A Kubernetes controller and tool for one-way encrypted Secrets

Security risk analysis for Kubernetes resources

eBPF-based autoinstrumentation of web applications and network metrics

Open Source Package Analysis

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

For engineers and security teams driving fast and secure software supply chains

Overlay is a browser extension helping developers evaluate open source packages before picking them

🧵 CLI tool for directly patching container images!

CLI for adding OCI annotations to existing registry artifacts

Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.

This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.

⚠️ Replaced by ItalyPaleAle/Revaulter! -- Wrap and unwrap keys using a key vault with admin consent

Open Source Software Secure Supply Chain Framework

Collection of tools for analyzing open source packages.

Ubuntu ROCKs for the .NET runtime and family

A repository of strace results for lots of packages.

Template scanner for security misconfiguration and best practices

Microsoft Security DevOps for GitHub Actions.