OWASP Software Component Verification Standard
Introduction
The OWASP Software Component Verification Standard (SCVS) sets out concerns, grouped by domain, covering the types of activities that can be practiced to reduce the likelihood or impact of software supply chain risk from the use of first-party, third-party, and open source components.
The project is new and incubating, and it is open for review, comments, and improvements from the community.