Secure Supply Chain Consumption Framework (S2C2F)

Microsoft continues improving the Framework in partnership and collaboration with the OpenSSF. The Framework includes practices, requirements, and tools any organization can adopt to establish a secure OSS ingestion process.

Learn more
Maturity Model

The S2C2F is made up of 8 practices, but not all practices can be done all at once. Adopting the S2C2F will go through levels of maturity so you can prioritize the requirements.

Learn more
Open Source Software Threats

The S2C2F provides the support to protect your supply chains from real-life threats from compromising your organization's software and development environment.

Learn more
Microsoft contributes S2C2F to OpenSSF

On August 4, 2022, Microsoft publicly shared a framework that it has been using to secure its own development practices since 2019, the Secure Supply Chain Consumption Framework (S2C2F).

Learn More

Select practices to find out more

Getting started

Secure Supply Chain Consumption Framework (S2C2F)

The Secure Supply Chain Consumption Framework (S2C2F) Framework is a combination of processes and tools for any organization to adopt to help establish a secure OSS ingestion pipeline to protect developers from OSS Supply Chain threats, and to establish a governance program to manage your organization’s use of OSS.

Learn more

Maturity Model

The S2C2F is made up of 8 practices, but not all practices can be done all at once. Adopting the S2C2F will go through levels of maturity so you can prioritize the requirements.

Learn more

Open Source Software Threats

The S2C2F provides the support to protect your supply chains from real-life threats from compromising your organization's software and development environment.

Learn more