Framework practices
Getting started
Secure Supply Chain Consumption Framework (S2C2F)
The Secure Supply Chain Consumption Framework (S2C2F) is a combination of processes and tools that any organization can adopt to establish a secure OSS ingestion pipeline that protects developers from OSS supply chain threats, and to establish a governance program to manage the organization’s use of OSS.
Maturity Model
The S2C2F is made up of 8 practices, but not all of them can be adopted at once. Adoption proceeds through levels of maturity, so you can prioritize the requirements.
Open Source Software Threats
The S2C2F helps protect your supply chains from real-life threats that could compromise your organization's software and development environment.
Consulting Services
Discover how Microsoft Industry Solutions can help you adopt and implement the S2C2F.
Community resources
As supply chains continuously evolve, so must the frameworks that we use to properly secure them. To that end, we want to make this framework as open to contribution as possible. See the Community Resources page for how we plan to do this with organizations such as the OpenSSF.
FAQ
Frequently asked questions