search

ossf / s2c2f

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
Other
167 stars 23 forks source link

Couple of places on Microsoft site it still says Microsoft S2C2F instead of OpenSSF S2C2F #21

Closed mlieberman85 closed 1 year ago

mlieberman85 commented 1 year ago

There was some confusion from a few folks I spoke to that were unsure if it was an OpenSSF project or a Microsoft project. It says OpenSSF in some places but in other Microsoft S2C2F. I think it would help with contributions if they knew it was an official OpenSSF project.

In https://www.microsoft.com/en-us/securityengineering/opensource/osssscframeworkguide

The Microsoft S2C2F is based on three core concepts—control all artifact inputs, continuous process improvement, and scale:

The Microsoft S2C2F tools were developed to secure how developers consume OSS today at scale without requiring a central internal registry or central governance body.

adriandiglio commented 1 year ago

Thanks! The 2 places you cited have been fixed. https://www.microsoft.com/en-us/securityengineering/opensource/osssscframeworkguide