Software Component Verification Standard
  • Cover
  • Frontispiece
  • Preface
  • Using SCVS
  • Assessment and Certification
  • V1 Inventory
  • V2 Software Bill of Materials
  • V3 Build Environment
  • V4 Package Management
  • V5 Component Analysis
  • V6 Pedigree and Provenance
  • Guidance: Open Source Policy
  • Appendix A: Glossary
  • Appendix B: References
Powered by GitBook
On this page
  • About the Standard
  • Copyright and License
  • Project Leads
  • Contributors and Reviewers

Frontispiece

PreviousCoverNextPreface

Last updated 4 years ago

About the Standard

The Software Component Verification Standard is a grouping of controls, separated by control family, which can be used by architects, developers, security, legal, and compliance to define, build, and verify the integrity of their software supply chain.

Copyright and License

Copyright © 2020 The OWASP Foundation.

Version 1.0, 25 June 2020

Project Leads

  • Steve Springett

Contributors and Reviewers

  • Dave Russo

  • Garret Fick

  • JC Herz

  • John Scott

  • Mark Symons

  • Pruthvi Nallapareddy

  • Bryan Garcia

The Software Component Verification Standard is built upon the shoulders of those involved. The project is inspired by the OWASP Application Security Verification Standard and the work of their contributors.

If a credit is missing from the credit list above, please contact steve.springett@owasp.org or log a ticket at GitHub to be recognized in future updates.

This document is released under the . For any reuse or distribution, you must make clear to others the license terms of this work.

Creative Commons Attribution ShareAlike 4.0 license