api-evangelist/openssf
OpenSSF (openssf)

The Open Source Security Foundation (OpenSSF) is a collaborative initiative under the Linux Foundation dedicated to improving the security of open source software. It brings together industry leaders, developers, and security experts to address vulnerabilities, enhance supply chain security, and develop security tools and best practices. OpenSSF stewards a number of projects with public REST APIs, including the OSV (Open Source Vulnerabilities) database, the Scorecard automated security health-check service, and Sigstore signing infrastructure.

URL: Visit APIs.json URL

Scope

  • Type: Index
  • Position: Consumer
  • Access: 3rd-Party

Tags

  • Linux Foundation, Open Source, Security, Supply Chain, Vulnerabilities

Timestamps

  • Created: 2026-03-16
  • Modified: 2026-04-28

APIs

OSV (Open Source Vulnerabilities) API

OSV is an OpenSSF-hosted distributed vulnerability database and query infrastructure. The OSV API at api.osv.dev exposes vulnerability records keyed to specific package versions or commits across multiple ecosystems including npm, PyPI, Maven, Go, NuGet, RubyGems, Cargo, Packagist, Hex, OSS-Fuzz, Linux, Android, and GitHub Actions.

Human URL: https://osv.dev/

Base URL: https://api.osv.dev

Tags

  • Vulnerabilities, Supply Chain, Database, Open Source

Properties

OpenSSF Scorecard API

The OpenSSF Scorecard API returns automated security health metrics for public open source repositories. Scorecard runs a series of checks (e.g., Branch-Protection, Code-Review, Pinned-Dependencies, Signed-Releases, Token-Permissions, Vulnerabilities) and exposes per-check scores plus an aggregate 0-10 score via api.securityscorecards.dev.

Human URL: https://scorecard.dev/

Base URL: https://api.securityscorecards.dev

Tags

  • Security Health, Repositories, Supply Chain

Properties

Sigstore Public Good APIs

Sigstore is an OpenSSF-hosted standard and service for signing, verifying, and protecting software. The public-good Sigstore instance exposes Fulcio (code-signing certificate authority) and Rekor (transparency log) APIs that can be queried programmatically to inspect signing certificates and transparency log entries.

Human URL: https://www.sigstore.dev/

Base URL: https://rekor.sigstore.dev

Tags

  • Signing, Transparency Log, Supply Chain

Properties

GUAC (Graph for Understanding Artifact Composition)

GUAC aggregates software supply-chain security metadata (SBOMs, attestations, vulnerabilities, signatures) into a queryable graph. GUAC exposes a GraphQL API for supply-chain queries when self-hosted.

Human URL: https://guac.sh/

Tags

  • SBOM, Supply Chain, GraphQL

Properties

Common Properties

Maintainers

FN: Kin Lane

Email: kin@apievangelist.com
