Skip to content
@ossf

Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
README.md

OpenSSFLogo

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

OpenSSF is part of the nonprofit Linux Foundation.

For any questions, concerns, reports, etc., please email [email protected].

Communicating

Most communications happen in the following locations:

Membership

We encourage all individual contributors to work with their employers to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more about the requirements and responsibilities of membership in our Membership page or see current members.

Pinned Loading

  1. wg-best-practices-os-developers wg-best-practices-os-developers Public

    The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

    JavaScript 792 139

  2. ai-ml-security ai-ml-security Public

    Potential WG on Artificial Intelligence and Machine Learning (AI/ML)

    57 10

  3. wg-securing-critical-projects wg-securing-critical-projects Public

    Helping allocate resources to secure the critical open source projects we all depend on.

    335 40

  4. wg-securing-software-repos wg-securing-software-repos Public

    OpenSSF Working Group on Securing Software Repositories

    94 19

  5. tac tac Public

    Technical Advisory Council

    111 60

  6. foundation foundation Public

    OpenSSF Governance and Legal Docs

    70 19

Repositories

Showing 10 of 67 repositories
  • alpha-omega Public

    Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

    ossf/alpha-omega’s past year of commit activity
    Open Policy Agent 86 Apache-2.0 52 52 (11 issues need help) 1 Updated Jan 2, 2025
  • fuzz-introspector Public

    Fuzz Introspector -- introspect, extend and optimise fuzzers

    ossf/fuzz-introspector’s past year of commit activity
    Python 388 Apache-2.0 59 96 (1 issue needs help) 3 Updated Jan 2, 2025
  • malicious-packages Public

    A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

    ossf/malicious-packages’s past year of commit activity
    Go 275 Apache-2.0 25 12 11 Updated Jan 2, 2025
  • criticality_score Public

    Gives criticality score for an open source project

    ossf/criticality_score’s past year of commit activity
    Go 1,345 Apache-2.0 120 41 33 Updated Jan 2, 2025
  • si-tooling Public
    ossf/si-tooling’s past year of commit activity
    Python 3 Apache-2.0 1 0 1 Updated Jan 1, 2025
  • package-analysis Public

    Open Source Package Analysis

    ossf/package-analysis’s past year of commit activity
    Go 770 Apache-2.0 51 59 (5 issues need help) 13 Updated Jan 1, 2025
  • security-insights-spec Public

    OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Issues.

    ossf/security-insights-spec’s past year of commit activity
    CUE 54 10 3 2 Updated Jan 1, 2025
  • scorecard Public

    OpenSSF Scorecard - Security health metrics for Open Source

    ossf/scorecard’s past year of commit activity
    Go 4,684 Apache-2.0 508 341 (11 issues need help) 5 Updated Dec 31, 2024
  • scorecard-action Public

    Official GitHub Action for OpenSSF Scorecard.

    ossf/scorecard-action’s past year of commit activity
    Go 273 Apache-2.0 71 27 (1 issue needs help) 1 Updated Dec 31, 2024
  • scorecard-webapp Public

    Website and API for OpenSSF Scorecard

    ossf/scorecard-webapp’s past year of commit activity
    HTML 23 Apache-2.0 27 31 (1 issue needs help) 13 Updated Dec 31, 2024
View all repositories

Top languages

Loading…