Skip to content
@ossf

Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
OpenSSF Logo

OpenSSF is committed to working both upstream and with existing communities to advance open source security for all.

We foster collaboration, establish best practices, and develop innovative solutions to secure the development, maintenance, and consumption of open source software. OpenSSF is part of the nonprofit Linux Foundation.

Working Groups:

For any questions, concerns, reports, etc., please email operations@openssf.org.

Get Involved

Membership

We encourage all individual contributors to work with their employers to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more about the requirements and responsibilities of membership in our Membership page or see current members.

Pinned Loading

  1. wg-best-practices-os-developers wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 823 146

  2. ai-ml-security ai-ml-security Public

    Potential WG on Artificial Intelligence and Machine Learning (AI/ML)

    64 11

  3. wg-securing-critical-projects wg-securing-critical-projects Public

    Helping allocate resources to secure the critical open source projects we all depend on.

    343 41

  4. wg-securing-software-repos wg-securing-software-repos Public

    OpenSSF Working Group on Securing Software Repositories

    100 20

  5. tac tac Public

    Technical Advisory Council

    117 61

  6. foundation foundation Public

    OpenSSF Governance and Legal Docs

    72 19

Repositories

Showing 10 of 67 repositories
  • criticality_score Public

    Gives criticality score for an open source project

    ossf/criticality_score’s past year of commit activity
    Go 1,363 Apache-2.0 120 42 35 Updated Mar 3, 2025
  • osv-schema Public

    Open Source Vulnerability schema.

    ossf/osv-schema’s past year of commit activity
    Python 193 Apache-2.0 91 28 9 Updated Mar 3, 2025
  • malicious-packages Public

    A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

    ossf/malicious-packages’s past year of commit activity
    Go 292 Apache-2.0 30 10 4 Updated Mar 2, 2025
  • security-insights-spec Public

    Machine-readable specification for the attestation of security-relevant data.

    ossf/security-insights-spec’s past year of commit activity
    CUE 57 10 3 1 Updated Mar 2, 2025
  • package-analysis Public

    Open Source Package Analysis

    ossf/package-analysis’s past year of commit activity
    Go 820 Apache-2.0 55 60 (5 issues need help) 10 Updated Mar 1, 2025
  • fuzz-introspector Public

    Fuzz Introspector -- introspect, extend and optimise fuzzers

    ossf/fuzz-introspector’s past year of commit activity
    Python 402 Apache-2.0 63 98 (1 issue needs help) 0 Updated Mar 1, 2025
  • wg-dei Public

    The BEAR (Belonging, Empowerment, Allyship, and Representation) WG, formerly DEI, was formed in December 2023 to enhance representation and cybersecurity workforce effectiveness.

    ossf/wg-dei’s past year of commit activity
    6 Apache-2.0 2 5 2 Updated Mar 1, 2025
  • glossary Public
    ossf/glossary’s past year of commit activity
    JavaScript 1 Apache-2.0 1 0 1 Updated Feb 28, 2025
  • ossf/security-baseline’s past year of commit activity
    Go 45 Apache-2.0 18 17 (2 issues need help) 4 Updated Feb 28, 2025
  • wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    ossf/wg-best-practices-os-developers’s past year of commit activity
    JavaScript 823 Apache-2.0 146 56 (2 issues need help) 10 Updated Feb 28, 2025