Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Open Source Software Secure Supply Chain Framework
https://github.com/microsoft/oss-ssc-framework
Last synced: 29 days ago
- Host: GitHub
- URL: https://github.com/microsoft/oss-ssc-framework
- Owner: microsoft
- License: other
- Created: 2022-08-04T00:05:45.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-10-28T14:52:40.000Z (about 2 years ago)
- Last Synced: 2024-07-15T18:03:32.980Z (5 months ago)
- Homepage: https://www.microsoft.com/en-us/securityengineering/opensource
- Size: 2.69 MB
- Stars: 234
- Watchers: 12
- Forks: 9
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: Contributing.md
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-software-supply-chain-security - microsoft/oss-ssc-framework: Open Source Software Secure Supply Chain Framework
README
# Open Source Software (OSS) Secure Supply Chain (SSC) Framework
THIS REPO HAS BEEN CONTRIBUTED TO THE OPENSSF. THE NEW REPO IS HERE [https://github.com/ossf/s2c2f/](https://github.com/ossf/s2c2f/).
## Overview
This guide outlines and defines how to securely consume Open Source Software (OSS) dependencies in the developer's workflow. It is split into two parts: a solution-agnostic set of practices and a maturity model-based implementation guide. The Framework is targeted at organizations that develop software, take a dependency on open source software, and seek to improve the security of their software supply chain. The OSS SSC Framework is complete with:
* A high-level solution-agnostic set of practices
* A detailed list of requirements
* A list of real-world supply chain threats specific to OSS, and how the Framework requirements mitigate them
* A maturity model-based implementation guide, with links to tools from across the industry
* A process for assessing your organization's maturity
* A mapping of the Framework requirements to 6 other supply chain specifications

## View or Download the OSS SSC Framework Specification
> ⭐: **Click _[here](./specification/Open_Source_Software_(OSS)_Secure_Supply_Chain_(SSC)_Framework.pdf)_ for the PDF of the specification**
>
> :atom:: **Click _[here](./specification/framework.md)_ to view the specification in markdown**

## Contributing
The general Community Specification Contributing Policy is captured in the [Contributing](Contributing.md) section. Specific guidelines, based on that policy, for how best to contribute to the OSS SSC Framework specification are [here](./specification/README.md). The living OSS SSC Framework is captured in [markdown](./specification/framework.md), and that is where all updates take place.
*SLA to Triage Issues*:
- The OSS SSC Framework working group will review, triage, and respond to issues during each Community Meeting.

## Meeting Times
*Community Meetings*:
- iCal Subscription Link
- OSS SSC Framework community meetings are held the 3rd Tuesday of every month @ 12:00 PM Pacific. Please click the iCal Subscription link above or email [email protected] to be added to the meeting invitation.
*Technical Meetings*:
- OSS SSC Framework technical meetings are held the last Monday of every month @ 2:00 PM Pacific. Please click the iCal Subscription link above or email [email protected] to be added to the meeting invitation.

[Meeting minutes and agenda](https://docs.google.com/document/d/1YG-CVbKa7pVlNNkLAOV8O7kiY5mBoFXpehc1VOW0MW4)
*Chat channels*: