Open Source Security Foundation (OpenSSF)
OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
San Francisco, CA
Pinned Repositories
ai-ml-security
Potential WG on Artificial Intelligence and Machine Learning (AI/ML)
allstar
GitHub App to set and enforce security policies
criticality_score
Gives criticality score for an open source project
foundation
OpenSSF Governance and Legal Docs
package-analysis
Open Source Package Analysis
scorecard
OpenSSF Scorecard - Security health metrics for Open Source
tac
Technical Advisory Council
wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositories
Open Source Security Foundation (OpenSSF)'s Repositories
ossf/scorecard
OpenSSF Scorecard - Security health metrics for Open Source
ossf/criticality_score
Gives criticality score for an open source project
ossf/allstar
GitHub App to set and enforce security policies
ossf/package-analysis
Open Source Package Analysis
ossf/wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
ossf/fuzz-introspector
Fuzz Introspector -- introspect, extend and optimise fuzzers
ossf/wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
ossf/wg-security-tooling
OpenSSF Security Tooling Working Group
ossf/scorecard-action
Official GitHub Action for OpenSSF Scorecard.
ossf/wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
ossf/malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
ossf/wg-vulnerability-disclosures
The OpenSSF Vulnerability Disclosures Working Group seeks to improve the overall security of the open source software ecosystem by helping to mature, and advocating for, well-managed vulnerability reporting and communication.
ossf/osv-schema
Open Source Vulnerability schema.
ossf/secure-sw-dev-fundamentals
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
ossf/s2c2f
The S2C2F Project is a group within the OpenSSF Supply Chain Integrity Working Group, formed to develop and continuously improve the S2C2F guide, which defines how to securely consume open source software (OSS) dependencies in the developer's workflow.
ossf/oss-vulnerability-guide
A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
ossf/tac
Technical Advisory Council
ossf/alpha-omega
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
ossf/package-feeds
Feed parsing for language package manager updates
ossf/sbom-everywhere
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
ossf/security-insights-spec
OpenSSF Security Insights: repository for development of the draft standard; requests for modification should be made via GitHub Issues.
ossf/ossf-landscape
ossf/scorecard-webapp
Website and API for OpenSSF Scorecard
ossf/DevRel-community
Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and contributors.
ossf/toolbelt
ossf/Memory-Safety
ossf/S2C2F-attestation-schema-and-tool
Secure Supply Chain Consumption Framework (S2C2F) OSCAL Catalog and tool
ossf/disclosure-check
disclosure-check
ossf/.github
Github configuration
ossf/si-tooling