Useful references and resources for open source security and supply chain protection
Here are valuable references and resources for understanding and implementing open source security and supply chain protection.
Supply-chain Levels for Software Artifacts - A security framework for software supply chain integrity
Automated security health metrics for open source projects
Secure Software Development Framework for comprehensive software security
Cybersecurity controls including software asset management
Distributed vulnerability database for open source software
US government repository of standards-based vulnerability management data
Security advisories from GitHub and the open source community
Commercial vulnerability database with detailed remediation guidance
Google’s vulnerability scanner for dependencies and container images
Comprehensive security scanner for containers, IaC, and dependencies
GitHub’s automated dependency update and security alert service
Commercial security platform for finding and fixing vulnerabilities
Google’s open source insights and dependency information service
Comprehensive package manager and dependency tracking platform
Security features and audit capabilities in the npm ecosystem
Security features and best practices for Python Package Index
Lightweight software bill of materials standard and tooling
Software Package Data Exchange standard for software supply chain data
US government guidance on software bill of materials
Cybersecurity and Infrastructure Security Agency SBOM resources
US Executive Order on Improving the Nation’s Cybersecurity
Policy engine for cloud native environments and infrastructure
Framework for improving critical infrastructure cybersecurity
International standard for information security management
Annual report on software supply chain security trends
Cloud Native Computing Foundation security technical advisory group
Open Source Security Foundation research initiatives
Academic research on software engineering and security
Supply Chain Security
DevSecOps
Open Source Security
Professional Certifications
Online Courses
Hands-on Labs
Open Source Security Foundation - Cross-industry collaboration on security
Cloud Native Computing Foundation - Container and cloud security
Research on free and open source software usage and security
Open Web Application Security Project - Web application security
GitHub Actions
GitLab CI/CD
Jenkins
Image Scanning
Runtime Security
Join our Discord community for vet and SafeDep discussions
Follow security researchers and practitioners
Network security community discussions
Technology and security news discussions
This curated list represents some of the most valuable resources in the open source security and supply chain protection space. For the latest tools, research, and best practices, consider joining our community where members share updates and discoveries.
Resources are regularly updated as the security landscape evolves. Submit suggestions for additional resources through our GitHub repository or community channels.