Skip to content

@ossf Open Source Security Foundation (OpenSSF)

Change the repository type filter

All

    Repositories list

    69 repositories

    • wg-best-practices-os-developers

      Public
      The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
      JavaScript
      Apache License 2.0
      1568626413Updated Apr 17, 2025Apr 17, 2025

    • wg-securing-software-repos

      Public
      OpenSSF Working Group on Securing Software Repositories
      Other
      21103103Updated Apr 17, 2025Apr 17, 2025

    • malicious-packages

      Public
      A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
      Go
      Apache License 2.0
      37303109Updated Apr 17, 2025Apr 17, 2025

    • allstar

      Public
      GitHub App to set and enforce security policies
      Go
      Apache License 2.0
      1271.3k704Updated Apr 16, 2025Apr 16, 2025

    • package-analysis

      Public
      Open Source Package Analysis
      Go
      Apache License 2.0
      588296116Updated Apr 16, 2025Apr 16, 2025

    • security-baseline

      Public
      Go
      Apache License 2.0
      2078211Updated Apr 16, 2025Apr 16, 2025

    • scorecard-webapp

      Public
      Website and API for OpenSSF Scorecard
      openssf-scorecard
      HTML
      Apache License 2.0
      2824349Updated Apr 16, 2025Apr 16, 2025

    • wg-orbit

      Public
      ORBIT: Open Resources for Baselines, Interoperability, and Tooling
      Apache License 2.0
      1001Updated Apr 16, 2025Apr 16, 2025

    • si-tooling

      Public
      Python
      Apache License 2.0
      3404Updated Apr 16, 2025Apr 16, 2025

    • education

      Public
      OpenSSF Education SIG
      Apache License 2.0
      131651Updated Apr 16, 2025Apr 16, 2025

    • scorecard-visualizer

      Public
      Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
      openssfopenssf-scorecard
      TypeScript
      Apache License 2.0
      51616Updated Apr 16, 2025Apr 16, 2025

    • criticality_score

      Public
      Gives criticality score for an open source project
      Go
      Apache License 2.0
      1201.4k4331Updated Apr 16, 2025Apr 16, 2025

    • security-insights-spec

      Public
      Machine-readable specification for the attestation of security-relevant data.
      CUE
      Other
      135981Updated Apr 15, 2025Apr 15, 2025

    • tac

      Public
      Technical Advisory Council
      Other
      65122247Updated Apr 15, 2025Apr 15, 2025

    • scorecard

      Public
      OpenSSF Scorecard - Security health metrics for Open Source
      scorecardopenssf-scorecard
      Go
      Apache License 2.0
      5304.9k3504Updated Apr 15, 2025Apr 15, 2025

    • fuzz-introspector

      Public
      Fuzz Introspector -- introspect, extend and optimise fuzzers
      testingsecurityfuzz-testingvulnerability-analysissecurity-researchfuzzing
      Python
      Apache License 2.0
      67409980Updated Apr 15, 2025Apr 15, 2025

    • scorecard-action

      Public
      Official GitHub Action for OpenSSF Scorecard.
      githubsecuritysupply-chaingithub-actionsopenssf-scorecard
      Go
      Apache License 2.0
      73293261Updated Apr 15, 2025Apr 15, 2025

    • ossf-landscape

      Public
      Apache License 2.0
      272900Updated Apr 15, 2025Apr 15, 2025

    • security-assessments

      Public
      Apache License 2.0
      41431Updated Apr 13, 2025Apr 13, 2025

    • glossary

      Public
      A reference for common terms when talking about OpenSSF and open source software security.
      JavaScript
      Apache License 2.0
      1231Updated Apr 11, 2025Apr 11, 2025

    • sbom-everywhere

      Public
      Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
      Vue
      Apache License 2.0
      3088294Updated Apr 11, 2025Apr 11, 2025

    • osv-schema

      Public
      Open Source Vulnerability schema.
      Python
      Apache License 2.0
      93198289Updated Apr 9, 2025Apr 9, 2025

    • alpha-omega

      Public
      Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
      securityopensourceopen-source-security
      Open Policy Agent
      Apache License 2.0
      5595529Updated Apr 9, 2025Apr 9, 2025

    • toolbelt

      Public
      Apache License 2.0
      42000Updated Apr 4, 2025Apr 4, 2025

    • wg-vulnerability-disclosures

      Public
      The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
      Apache License 2.0
      41187260Updated Apr 2, 2025Apr 2, 2025

    • Memory-Safety

      Public
      Apache License 2.0
      142661Updated Mar 31, 2025Mar 31, 2025

    • secure-sw-dev-fundamentals

      Public
      Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
      CSS
      Creative Commons Attribution 4.0 International
      50196342Updated Mar 13, 2025Mar 13, 2025

    • wg-bear

      Public
      The BEAR (Belonging, Empowerment, Allyship, and Representation) WG, formerly DEI, was formed in December 2023 to enhance representation and cybersecurity workforce effectiveness.
      Apache License 2.0
      2752Updated Mar 1, 2025Mar 1, 2025

    • wg-globalcyberpolicy

      Public
      Global Cyber Policy Working Group
      Apache License 2.0
      83952Updated Feb 28, 2025Feb 28, 2025

    • scorecard-monitor

      Public
      Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
      securitysecurity-auditsecurity-toolsgithub-actionsopen-source-managementopenssf-scorecard
      JavaScript
      Apache License 2.0
      1434136Updated Feb 15, 2025Feb 15, 2025