Skip to content
@ossf

Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
OpenSSF Logo

OpenSSF is committed to working both upstream and with existing communities to advance open source security for all.

We foster collaboration, establish best practices, and develop innovative solutions to secure the development, maintenance, and consumption of open source software. OpenSSF is part of the nonprofit Linux Foundation.

Working Groups:

For any questions, concerns, reports, etc., please email operations@openssf.org.

Get Involved

Membership

We encourage all individual contributors to work with their employers to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more about the requirements and responsibilities of membership in our Membership page or see current members.

Pinned Loading

  1. wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 884 165

  2. ai-ml-security Public

    Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security

    80 13

  3. wg-securing-critical-projects Public

    Helping allocate resources to secure the critical open source projects we all depend on.

    356 42

  4. wg-securing-software-repos Public

    OpenSSF Working Group on Securing Software Repositories

    109 21

  5. tac Public

    Technical Advisory Council

    125 67

  6. foundation Public

    OpenSSF Governance and Legal Docs

    72 17

Repositories

Showing 10 of 71 repositories
  • malicious-packages Public

    A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

    Go 314 Apache-2.0 42 13 8 Updated Jun 20, 2025
  • fuzz-introspector Public

    Fuzz Introspector -- introspect, extend and optimise fuzzers

    Python 418 Apache-2.0 73 101 (1 issue needs help) 2 Updated Jun 20, 2025
  • scorecard-visualizer Public

    Tool for visualizing the Open SSF Scorecard Api data in a human friendly way

    TypeScript 16 Apache-2.0 5 1 9 Updated Jun 20, 2025
  • wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 884 Apache-2.0 165 65 (4 issues need help) 12 Updated Jun 19, 2025
  • security-insights-spec Public

    Machine-readable specification for the attestation of security-relevant data.

    CUE 59 14 11 1 Updated Jun 18, 2025
  • scorecard-action Public

    Official GitHub Action for OpenSSF Scorecard.

    Go 311 Apache-2.0 74 26 (1 issue needs help) 4 Updated Jun 17, 2025
  • scorecard Public

    OpenSSF Scorecard - Security health metrics for Open Source

    Go 4,936 Apache-2.0 546 358 (12 issues need help) 6 Updated Jun 17, 2025
  • 29 Apache-2.0 27 0 0 Updated Jun 17, 2025
  • model-signing-spec Public

    Model Signing Specification

    0 Apache-2.0 0 0 0 Updated Jun 16, 2025
  • Go 89 Apache-2.0 26 34 (6 issues need help) 3 Updated Jun 16, 2025

Most used topics

Loading…