ossf/s2c2f
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
NOASSERTION
Issues
- 2
Can s2c2f be extended and cover AI Use cases ?
#58 opened by victorjunlu - 0
Create AI Use Case workstream to extend S2C2F guidance for Data Scientist persona
#60 opened by adriandiglio - 3
- 1
Discuss with OpenSSF TAC about our plans to submit an Exploratory Report to the PAS process for International Standardization
#43 opened by adriandiglio - 8
Annotate maturity graphic with requirement ID's
#46 opened by joshuagl - 1
- 3
Clarify that SCA-5 is about tool-based analysis
#48 opened by joshuagl - 3
- 6
S2C2F needs a website
#42 opened by adriandiglio - 2
- 3
- 7
Review JFrog article on new attack types seen on NuGet, and assess against our list of mitigations today
#17 opened by adriandiglio - 4
Crosswalk with SLSA
#14 opened by david-a-wheeler - 3
- 3
The phpMyAdmin example seems misclassified.
#16 opened by stevep-arm - 2
Review marked-up review from Melba Lopez
#22 opened by david-a-wheeler - 1
Crosswalk with "Taxonomy of Attacks on OSS Supply Chains" by Ladisa et al
#15 opened by david-a-wheeler - 4
Ensuring that binary patches, when reconstituted, are the same as the original
#13 opened by david-a-wheeler - 1
Couple of places on Microsoft site it still says Microsoft S2C2F instead of OpenSSF S2C2F
#21 opened by mlieberman85 - 0
- 1