Supported compliance standards

CIS Software Supply Chain Security benchmark

The CIS Software Supply Chain Security benchmark provides prescriptive guidance for establishing a secure configuration posture for software development platforms and pipelines.

CIS Benchmarks are best practices for the secure configuration of a target system. In this case, the target system is the software supply chain.

Visit the CIS Software Supply Chain Security benchmark for further details on the checkpoints evaluated by Xygeni.

OWASP Software Component Verification Standard

The OWASP Software Component Verification Standard (SCVS) is a community-driven effort to establish a framework of activities, controls, and best practices that help identify and reduce risk in a software supply chain.

Visit the OWASP Software Component Verification Standard for further details on the checkpoints evaluated by Xygeni.

OpenSSF FLOSS

The OpenSSF FLOSS Best Practices are a set of recommendations from the Open Source Security Foundation (OpenSSF) Best Practices Working Group to help open source developers create and maintain more secure software.

The best practices criteria are divided into three levels to allow incremental adoption:

  • Passing focuses on best practices that well-run FLOSS projects typically already follow. Getting the passing badge is an achievement; at any one time only about 10% of projects pursuing a badge achieve the passing level.

  • Silver is a more stringent set of criteria than passing but is expected to be achievable by small and single-organization projects.

  • Gold is even more stringent than silver and includes criteria that are not achievable by small or single-organization projects.

Visit the OpenSSF FLOSS Best Practices Badge for further details on the checkpoints evaluated by Xygeni.

OpenSSF Scorecard

OpenSSF Scorecard is an automated tool that assesses a number of important security heuristics ("checks") for a repository and assigns each check a score of 0-10. You can use these scores to identify the specific areas that would most strengthen the security posture of your project. You can also assess the risks that dependencies introduce and make informed decisions about accepting those risks, evaluating alternative solutions, or working with the maintainers to make improvements.

Visit OpenSSF Scorecard for further details on the checkpoints evaluated by Xygeni.

ESF Securing the Software Supply Chain DEV

The ESF Securing the Software Supply Chain: Recommended Practices for Developers is a set of guidelines aimed at improving the security of software development by reducing the risk of supply chain attacks.

The recommended practices are framed in 5 top-level sections:

  • Secure Product Criteria and Management

  • Develop Secure Code

  • Verify Third-Party Components

  • Harden the Build Environment

  • Deliver Code

By following these guidelines, software developers can reduce the risk of supply chain attacks and ensure the security and integrity of their software.

Visit ESF Securing the Software Supply Chain: Recommended Practices for Developers for further details on the checkpoints evaluated by Xygeni.
