Skip to content

microsoft/oss-ssc-framework

BranchesTags

Repository files navigation

Open Source Software (OSS) Secure Supply Chain (SSC) Framework

THIS REPO HAS BEEN CONTRIBUTED TO THE OPENSSF. THE NEW REPO IS HERE https://github.com/ossf/s2c2f/.

secure package icon

Overview

This guide outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow. This paper is split into two parts: a solution-agonistic set of practices and a maturity model-based implementation guide. The Framework is targeted toward organizations that do software development, that take a dependency on open source software, and that seek to improve the security of their software supply chain.

The OSS SSC Framework is complete with:

  • A high-level solution-agnostic set of practices
  • A detailed list of requirements
  • A list of real-world supply chain threats specific to OSS, and how our Framework requirements mitigates them
  • A maturity model-based implementation guide, with links to tools from across the industry
  • A process for assessing your organization’s maturity
  • A mapping of the Framework requirements to 6 other supply chain specifications

View or Download the OSS SSC Framework Specification

⭐: Click here for the PDF of the specification

:atom:: Click here to view the specification in markdown

Contributing

The general Community Specification Contributing Policy is captured on the Contributing section. Specific guidelines based on the policy for how best to contribute to the OSS SSC Framework specification is here. The living OSS SSC Framework is captured in markdown and is where all updates will take place.

SLA to Triage Issues:

  • The OSS SSC Framework working group will review, triage, and respond to issues during each Community Meeting.

Meeting Times

Community and Technical Meetings:

  • iCal Subscription Link

  • OSS SSC Framework community meetings are held the 3rd Tuesday of every month @ 12:00 PM Pacific. Please click the iCal Subscription link above or email [email protected] to be added to the meeting invitation.

Technical Meetings:

  • OSS SSC Framework technical meetings are held the last Monday of every month @ 2:00 PM Pacific. Please click the iCal Subscription link above or email [email protected] to be added to the meeting invitation.

Meeting minutes and agenda

Chat channels:

  • We have a Slack channel on the OpenSSF Slack instance: Slack Channel Slack Invite

About

Open Source Software Secure Supply Chain Framework

www.microsoft.com/en-us/securityengineering/opensource

Resources

Readme

License

View license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

235 stars

Watchers

12 watching

Forks

9 forks
Report repository

Releases 1

Open_Source_Software_(OSS)_Secure_Supply_Chain_(SSC)_Framework Latest
Aug 16, 2022

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •