Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/OWASP/Software-Component-Verification-Standard
Software Component Verification Standard (SCVS)
https://github.com/OWASP/Software-Component-Verification-Standard
best-practices cscrm open-source owasp scrm scvs software-supply-chain supply-chain
Last synced: 3 months ago
JSON representation
Software Component Verification Standard (SCVS)
- Host: GitHub
- URL: https://github.com/OWASP/Software-Component-Verification-Standard
- Owner: OWASP
- License: cc-by-sa-4.0
- Created: 2019-08-28T15:27:27.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-04-17T19:21:07.000Z (7 months ago)
- Last Synced: 2024-07-15T18:03:09.029Z (4 months ago)
- Topics: best-practices, cscrm, open-source, owasp, scrm, scvs, software-supply-chain, supply-chain
- Language: Python
- Homepage: https://owasp.org/scvs
- Size: 6.72 MB
- Stars: 132
- Watchers: 32
- Forks: 36
- Open Issues: 11
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-software-supply-chain-security - OWASP/Software-Component-Verification-Standard: Software Component Verification Standard (SCVS)
README
[![Build Status](https://github.com/OWASP/Software-Component-Verification-Standard/workflows/CI%20Build/badge.svg)](https://github.com/OWASP/Software-Component-Verification-Standard/actions?workflow=CI+Build)
![GitHub](https://img.shields.io/github/license/OWASP/Software-Component-Verification-Standard)
[![Slack](https://img.shields.io/badge/chat%20on-slack-46BC99.svg)](https://owasp.slack.com/messages/project-scvs)
[![Twitter](https://img.shields.io/twitter/follow/owasp_scvs.svg?label=Follow&style=social)](https://twitter.com/owasp_scvs)# OWASP Software Component Verification Standard
The Software Component Verification Standard (SCVS) is a community-driven effort to
establish a framework for identifying activities, controls, and best practices, which can help in identifying and
reducing risk in a software supply chain.Managing risk in the software supply chain is important to reduce the surface area of systems vulnerable to exploits,
and to measure technical debt as a barrier to remediation.Measuring and improving software supply chain assurance is crucial for success. Organizations with supply chain visibility
are better equipped to protect their brand, increase trust, reduce time-to-market, and manage costs in the event of a
supply chain incident.Software supply chains involve:
- technology
- people
- processes
- institutions
- and additional variables
Raising the bar for supply chain assurance requires the active participation of
risk managers, mission owners, and business units like legal and procurement, which have not traditionally been involved
with technical implementation.Determination of risk acceptance criteria is not a problem that can be solved by enterprise tooling: it is up to risk
managers and business decision makers to evaluate the advantages and trade-offs of security measures based on system
exposure, regulatory requirements, and constrained financial and human resources. Mandates that are internally
unachievable, or that bring development or procurement to a standstill, constitute their own security and institutional
risks.SCVS is designed to be implemented incrementally, and to allow organizations to
phase in controls at different levels over time.### SCVS has the following goals:
* Develop a common set of activities, controls, and best-practices that can reduce risk in a software supply chain
* Identify a baseline and path to mature software supply chain vigilance