Session

6 months in: (Building and) Using the OpenSSF Security Toolbelt

6 months ago, a small flock of motivated OpenSSF volunteers took flight and started the Security Toolbelt special interest group. Known as “Toolbelters”, their mission is to identify a set of personas, use cases, capabilities, threats, and patterns that span the software supply chain in order to mitigate OSS security threats. These patterns align OpenSSF and other OSS security tools as they apply to various combinations of personas, use cases, capabilities, and threats. Along the way, Toolbelters perform gap analysis against the tools currently available to mitigate threats and identify where investment and resources are needed to close gaps. The outcome is a documented toolbelt spanning the software supply chain that advocates for which tools to use, and when and where in the supply chain to use them.

At the end of this session, attendees will be able to identify tools from the OpenSSF toolbelt that apply to their area of interest in the software supply chain. Attendees will also understand the opportunities they have to participate in iterating on and building the toolbelt.

John Kjell

Director of Open Source at TestifySec

Minneapolis, Minnesota, United States
