Open Source Security Foundation (OpenSSF)

OpenSSF is a community of software developers and security engineers who are working together to secure open source software for the greater public good.

San Francisco, CA

Pinned Repositories

ai-ml-security
Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security
117 22 2020
allstar
GitHub App to set and enforce security policies
Language:Go1.4k 30 181141
criticality_score
Gives criticality score for an open source project
Language:Go1.4k 33 93128
foundation
OpenSSF Governance and Legal Docs
73 26 617
package-analysis
Open Source Package Analysis
Language:Go856 21 19663
scorecard
OpenSSF Scorecard - Security health metrics for Open Source
Language:Go5.1k 70 1.2k578
tac
Technical Advisory Council
132 41 21672
wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
Language:JavaScript943 55 205184
wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
377 58 4145
wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositories
122 39 1325

Open Source Security Foundation (OpenSSF)'s Repositories

ossf/criticality_score
Gives criticality score for an open source project
Language:Go1.4k 33 93128
ossf/package-analysis
Open Source Package Analysis
Language:Go856 21 19663
ossf/wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
377 58 4145
ossf/wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
222 54 1538
ossf/s2c2f
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.
215 22 2230
ossf/wg-supply-chain-integrity
Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.
191 53 3035
ossf/oss-vulnerability-guide
A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
130 7 1424
ossf/wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositories
122 39 1325
ossf/census
📜Automated review of open source software projects
Language:HTML118 26 2830
ossf/security-reviews
A community collection of security reviews of open source software components.
Language:Python95 15 2826
ossf/package-feeds
Feed parsing for language package manager updates
Language:Go78 12 5824
ossf/Project-Security-Metrics
Collect, curate, and communicate relevant security metrics for open source projects.
Language:Python63 14 4022
ossf/scorecard-monitor
Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
Language:JavaScript38 4 2514
ossf/wg-endusers
OpenSSF Endusers Working Group
28 22 1115
ossf/DevRel-community
Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and contributors.
22 11 232
ossf/toolbelt
22 21 55
ossf/project-template
OpenSSF Project Template
20 12 110
ossf/education
OpenSSF Education SIG
18 30 1316
ossf/OpenVEX
Vuln Disclosure WG's new SIG
11 23 01
ossf/Diagrammers-Society
OpenSSF Diagrammers Society
10 18 54
ossf/SIRT
The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Working Group that is focused on creating secure vulnerability management capabilities within the open source ecosystem to ensure effective coordinated vulnerability disclosure practices (CVD)
10 15 106
ossf/community
9 17 65
ossf/wg-bear
The BEAR (Belonging, Empowerment, Allyship, and Representation) WG, formerly DEI, was formed in December 2023 to enhance representation and cybersecurity workforce effectiveness.
83
ossf/S2C2F-attestation-schema-and-tool
Secure Supply Chain Consumption Framework (S2C2F) OSCAL Catalog and tool
Language:Python6 10 81
ossf/disclosure-check
disclosure-check
Language:Python5 15 52
ossf/si-tooling
Language:Python5 6 23
ossf/scorecard-dependencyanalysis
Scorecard action for checking when new dependencies are added to the repository.
Language:Go3 7 1
ossf/omega-moderne-client
Language:Python2 11 22
ossf/staff
Repository to keep track of staff operations
Language:Shell1 11 41
ossf/reliable-software-decomposition
Reliable Software Decomposition SIG