Open Source Security Foundation (OpenSSF)
OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.
San Francisco, CA
Pinned Repositories
ai-ml-security
Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security
allstar
GitHub App to set and enforce security policies
criticality_score
Gives criticality score for an open source project
foundation
OpenSSF Governance and Legal Docs
package-analysis
Open Source Package Analysis
scorecard
OpenSSF Scorecard - Security health metrics for Open Source
tac
Technical Advisory Council
wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositories
Open Source Security Foundation (OpenSSF)'s Repositories
ossf/scorecard
OpenSSF Scorecard - Security health metrics for Open Source
ossf/allstar
GitHub App to set and enforce security policies
ossf/wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
ossf/fuzz-introspector
Fuzz Introspector -- introspect, extend and optimise fuzzers
ossf/malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
ossf/scorecard-action
Official GitHub Action for OpenSSF Scorecard.
ossf/osv-schema
Open Source Vulnerability schema.
ossf/wg-vulnerability-disclosures
The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
ossf/secure-sw-dev-fundamentals
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
ossf/tac
Technical Advisory Council
ossf/wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositories
ossf/ai-ml-security
Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security
ossf/security-baseline
ossf/alpha-omega
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
ossf/sbom-everywhere
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
ossf/wg-globalcyberpolicy
Global Cyber Policy Working Group
ossf/foundation
OpenSSF Governance and Legal Docs
ossf/security-insights
Machine-readable specification for the attestation of security-relevant data.
ossf/Memory-Safety
ossf/ossf-landscape
ossf/gemara
Minimizing rework for governance activities.
ossf/scorecard-webapp
Website and API for OpenSSF Scorecard
ossf/wg-orbit
ORBIT: Open Resources for Baselines, Interoperability, and Tooling
ossf/education
OpenSSF Education SIG
ossf/scorecard-visualizer
Tool for visualizing the OpenSSF Scorecard API data in a human-friendly way
ossf/security-assessments
ossf/artwork
OpenSSF Artwork
ossf/glossary
A reference for common terms when talking about OpenSSF and open source software security.
ossf/global-cybersecurity-skills-framework
Global CyberSecurity Skills Framework
ossf/.github
GitHub configuration