This document captures technologies that are hosted in OpenSSF. It covers some of the Open Source Software (OSS) security tools and frameworks that make these OpenSSF technologies possible. The technical stack in this document demonstrates how OSS security technologies make the software supply chain more secure.
The goals of this document are:
- To help open source producers quickly navigate the OSS security technology landscape and discover, adopt and contribute to technical initiatives.
- To give end-user organizations, large and small, a simple framework/reference architecture to help them think about adopting OpenSSF technical projects and guidance.
Open source software maintainers, contributors and consumers are the intended audience of this document.
The document answers these questions:
- As an open source software producer, I'd like to adopt open source security technologies to produce more secure open source software. What resources does OpenSSF provide?
- As an open source software consumer, I'd like to adopt open source security technologies to consume secure open source software. What resources does OpenSSF provide?
- As an open source software producer and consumer, I'd like to contribute to open source security technologies. Which OpenSSF projects need contributors?
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.
Reference and previous work by BEST WG: