The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group, formed to further develop and continuously improve the S2C2F guide, which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
On 2023-06-06 Melba Lopez walked through a number of comments on the S2C2 document. See the WG meeting notes for the discussion we had then. We need to walk through the rest of the comments & then decide what to do about them. I'll be attaching the PDF she shared via Slack.