Software Supply Chain

Supply chain issues and attacks cause significant damage worldwide including lost revenue, costs of ransomware payments, costs of mitigation, denial of access to resources, reduced customer trust, and public deception.

The objective of the Supply Chain Integrity Working Group (WG) is to provide a global community for collaborating to help individuals and organizations assess and improve the security of end-to-end supply chains for open source software.

Projects

GUAC

Directed, actionable insights into the security of your software supply chain.

Learn More

Minder

Proactively manage security posture by providing a set of checks and policies.

Learn More

OpenBao

Manage, store, and distribute sensitive data including secrets, certificates, and keys

Learn More

OSPS Baseline

Structured security requirements aligned with international frameworks, standards, and regulations.

Learn More

Package Analysis

Improving the security of open source software by detecting malicious behavior.

Learn More

S2C2F

Guide to securely consume OSS dependencies into dev workflow.

Learn More

Security Insights Spec

Machine-processable project security information reporting.

Learn More

Sigstore

sigstore is a standard for signing, verifying, and protecting software.

Learn More

SLSA

Safeguarding artifact integrity across any software supply chain.

Learn More

Zarf

Enable continuous software delivery on systems disconnected from the internet.

Learn More

The Securing Critical Projects and Security Tooling working groups also support some of the projects in this category.

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

Supply chain issues and attacks cause significant damage worldwide including lost revenue, costs of ransomware payments, costs of mitigation, denial of access to resources, reduced customer trust, and public deception.

Projects

GUAC

Minder

OpenBao

OSPS Baseline

Package Analysis

S2C2F

Security Insights Spec

Sigstore

SLSA

Zarf

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

Software Supply Chain

Supply chain issues and attacks cause significant damage worldwide including lost revenue, costs of ransomware payments, costs of mitigation, denial of access to resources, reduced customer trust, and public deception.

Projects

GUAC

Minder

OpenBao

OSPS Baseline

Package Analysis

S2C2F

Security Insights Spec

Sigstore

SLSA

Zarf

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox