This is a list of materials (surveys, documents, proposals, and so on) released by the OpenSSF Securing Software Repositories Working Group.
- A survey/landscape of the security mechanisms and features implemented across different ecosystems as they pertain to security-critical user journeys.
- A security maturity model for package repositories, for assessing current capabilities and roadmapping future improvements.
- Guidance for package registries in adopting build provenance to verifiably link a package back to its source code and build instructions.
- A proposal for introducing build provenance and cryptographic signatures to the Homebrew package manager.