This is a list of materials (surveys, documents, proposals, and so on) released by the OpenSSF Securing Software Repositories Working Group.
A survey/landscape of the security mechanisms and features implemented across different ecosystems, as they pertain to security-critical user journeys.
Guidance for package registries in adopting build provenance to verifiably link a package back to its source code and build instructions.
A proposal for introducing build provenance and cryptographic signatures to the Homebrew package manager.