Home of the ORC WG

Everything you ever wanted to know about the CRA and its implementation

OtterDog is a tool to manage GitHub organizations at scale using a configuration as code approach. It is actively used by the Eclipse Foundation to manage its numerous projects hosted on GitHub.

Overrides (fixes) for the official CVE List in CVE JSON 5.0 format

Linux kernel source tree

Work on the Eclipse Foundation Security Handbook.

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

An open letter to the CVE Project and CNAs

TEMPORARY repo to contain different draft examples for SPDX 3.0 serializations

Common contribution content for eclipse-platform repositories

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

CoAP/DTLS Java Implementation

OpenSSF Security Tooling Working Group

Yocto Explorer: is a command line tool to ease the manipulation of files under the directory structure adopted by O.S. Systems to organize projects that use the Yocto Project

Secure Software Development Fundamentals EdX course (from the OpenSSF Best Practices WG)

Kernel for the beagleboard.org boards

Smack userspace

Public display / frontend interface for Enzyme (http://enzyme-project.org/). Powers the KDE Commit-Digest (http://commit-digest.org/).

A project-independent tool for creating regular project reports and assisting interesting statistical analysis.